<!DOCTYPE html>
<html lang="en" class="RFC BCP">
<head>
<meta charset="utf-8">
<meta content="Common,Latin" name="scripts">
<meta content="initial-scale=1.0" name="viewport">
<title>RFC 8996: Deprecating TLS 1.0 and TLS 1.1</title>
<meta content="Kathleen Moriarty" name="author">
<meta content="Stephen Farrell" name="author">
<meta content="
       

            This document formally deprecates Transport Layer
            Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346).
            Accordingly, those documents have been moved
            to Historic status. These versions lack support for current
            and recommended cryptographic algorithms and mechanisms, and
            various government and industry profiles of applications using
            TLS now mandate avoiding these old TLS versions. TLS version 1.2
            became the recommended version for IETF protocols in 2008
            (subsequently being obsoleted by TLS version 1.3 in 2018), providing
            sufficient time to transition away from older versions.
            Removing support for older versions from implementations reduces the
            attack surface, reduces opportunity for misconfiguration, and
            streamlines library and product maintenance.
       
       This document also deprecates Datagram TLS (DTLS) version 1.0 
      (RFC 4347) but not DTLS version 1.2, and there is no DTLS
      version 1.1. 
       This document updates many RFCs that normatively refer to TLS version 1.0 or
      TLS version 1.1, as described herein. This document also updates the best
      practices for TLS usage in RFC 7525; hence, it is part of BCP 195. 
    " name="description">
<meta content="xml2rfc 3.6.0" name="generator">
<meta content="TLS" name="keyword">
<meta content="deprecate" name="keyword">
<meta content="TLSv1.0" name="keyword">
<meta content="TLSv1.1" name="keyword">
<meta content="8996" name="rfc.number">
<!-- Generator version information:
  xml2rfc 3.6.0
    Python 3.6.10
    appdirs 1.4.4
    ConfigArgParse 1.2.3
    google-i18n-address 2.3.5
    html5lib 1.0.1
    intervaltree 3.0.2
    Jinja2 2.11.2
    kitchen 1.2.6
    lxml 4.4.2
    pycairo 1.19.0
    pycountry 19.8.18
    pyflakes 2.1.1
    PyYAML 5.3.1
    requests 2.22.0
    setuptools 40.6.2
    six 1.14.0
    WeasyPrint 51
-->
<link href="rfc8996.xml" rel="alternate" type="application/rfc+xml">
<link href="#copyright" rel="license">
<style type="text/css">/*

  NOTE: Changes at the bottom of this file overrides some earlier settings.

  Once the style has stabilized and has been adopted as an official RFC style,
  this can be consolidated so that style settings occur only in one place, but
  for now the contents of this file consists first of the initial CSS work as
  provided to the RFC Formatter (xml2rfc) work, followed by itemized and
  commented changes found necssary during the development of the v3
  formatters.

*/

/* fonts */
@import url('https://fonts.googleapis.com/css?family=Noto+Sans'); /* Sans-serif */
@import url('https://fonts.googleapis.com/css?family=Noto+Serif'); /* Serif (print) */
@import url('https://fonts.googleapis.com/css?family=Roboto+Mono'); /* Monospace */

@viewport {
  zoom: 1.0;
  width: extend-to-zoom;
}
@-ms-viewport {
  width: extend-to-zoom;
  zoom: 1.0;
}
/* general and mobile first */
html {
}
body {
  max-width: 90%;
  margin: 1.5em auto;
  color: #222;
  background-color: #fff;
  font-size: 14px;
  font-family: 'Noto Sans', Arial, Helvetica, sans-serif;
  line-height: 1.6;
  scroll-behavior: smooth;
}
.ears {
  display: none;
}

/* headings */
#title, h1, h2, h3, h4, h5, h6 {
  margin: 1em 0 0.5em;
  font-weight: bold;
  line-height: 1.3;
}
#title {
  clear: both;
  border-bottom: 1px solid #ddd;
  margin: 0 0 0.5em 0;
  padding: 1em 0 0.5em;
}
.author {
  padding-bottom: 4px;
}
h1 {
  font-size: 26px;
  margin: 1em 0;
}
h2 {
  font-size: 22px;
  margin-top: -20px;  /* provide offset for in-page anchors */
  padding-top: 33px;
}
h3 {
  font-size: 18px;
  margin-top: -36px;  /* provide offset for in-page anchors */
  padding-top: 42px;
}
h4 {
  font-size: 16px;
  margin-top: -36px;  /* provide offset for in-page anchors */
  padding-top: 42px;
}
h5, h6 {
  font-size: 14px;
}
#n-copyright-notice {
  border-bottom: 1px solid #ddd;
  padding-bottom: 1em;
  margin-bottom: 1em;
}
/* general structure */
p {
  padding: 0;
  margin: 0 0 1em 0;
  text-align: left;
}
div, span {
  position: relative;
}
div {
  margin: 0;
}
.alignRight.art-text {
  background-color: #f9f9f9;
  border: 1px solid #eee;
  border-radius: 3px;
  padding: 1em 1em 0;
  margin-bottom: 1.5em;
}
.alignRight.art-text pre {
  padding: 0;
}
.alignRight {
  margin: 1em 0;
}
.alignRight > *:first-child {
  border: none;
  margin: 0;
  float: right;
  clear: both;
}
.alignRight > *:nth-child(2) {
  clear: both;
  display: block;
  border: none;
}
svg {
  display: block;
}
.alignCenter.art-text {
  background-color: #f9f9f9;
  border: 1px solid #eee;
  border-radius: 3px;
  padding: 1em 1em 0;
  margin-bottom: 1.5em;
}
.alignCenter.art-text pre {
  padding: 0;
}
.alignCenter {
  margin: 1em 0;
}
.alignCenter > *:first-child {
  border: none;
  /* this isn't optimal, but it's an existence proof.  PrinceXML doesn't
     support flexbox yet.
  */
  display: table;
  margin: 0 auto;
}

/* lists */
ol, ul {
  padding: 0;
  margin: 0 0 1em 2em;
}
ol ol, ul ul, ol ul, ul ol {
  margin-left: 1em;
}
li {
  margin: 0 0 0.25em 0;
}
.ulCompact li {
  margin: 0;
}
ul.empty, .ulEmpty {
  list-style-type: none;
}
ul.empty li, .ulEmpty li {
  margin-top: 0.5em;
}
ul.compact, .ulCompact,
ol.compact, .olCompact {
  line-height: 100%;
  margin: 0 0 0 2em;
}

/* definition lists */
dl {
}
dl > dt {
  float: left;
  margin-right: 1em;
}
/* 
dl.nohang > dt {
  float: none;
}
*/
dl > dd {
  margin-bottom: .8em;
  min-height: 1.3em;
}
dl.compact > dd, .dlCompact > dd {
  margin-bottom: 0em;
}
dl > dd > dl {
  margin-top: 0.5em;
  margin-bottom: 0em;
}

/* links */
a {
  text-decoration: none;
}
a[href] {
  color: #22e; /* Arlen: WCAG 2019 */
}
a[href]:hover {
  background-color: #f2f2f2;
}
figcaption a[href],
a[href].selfRef {
  color: #222;
}
/* XXX probably not this:
a.selfRef:hover {
  background-color: transparent;
  cursor: default;
} */

/* Figures */
tt, code, pre, code {
  background-color: #f9f9f9;
  font-family: 'Roboto Mono', monospace;
}
pre {
  border: 1px solid #eee;
  margin: 0;
  padding: 1em;
}
img {
  max-width: 100%;
}
figure {
  margin: 0;
}
figure blockquote {
  margin: 0.8em 0.4em 0.4em;
}
figcaption {
  font-style: italic;
  margin: 0 0 1em 0;
}
@media screen {
  pre {
    overflow-x: auto;
    max-width: 100%;
    max-width: calc(100% - 22px);
  }
}

/* aside, blockquote */
aside, blockquote {
  margin-left: 0;
  padding: 1.2em 2em;
}
blockquote {
  background-color: #f9f9f9;
  color: #111; /* Arlen: WCAG 2019 */
  border: 1px solid #ddd;
  border-radius: 3px;
  margin: 1em 0;
}
cite {
  display: block;
  text-align: right;
  font-style: italic;
}

/* tables */
table {
  width: 100%;
  margin: 0 0 1em;
  border-collapse: collapse;
  border: 1px solid #eee;
}
th, td {
  text-align: left;
  vertical-align: top;
  padding: 0.5em 0.75em;
}
th {
  text-align: left;
  background-color: #e9e9e9;
}
tr:nth-child(2n+1) > td {
  background-color: #f5f5f5;
}
table caption {
  font-style: italic;
  margin: 0;
  padding: 0;
  text-align: left;
}
table p {
  /* XXX to avoid bottom margin on table row signifiers. If paragraphs should
     be allowed within tables more generally, it would be far better to select on a class. */
  margin: 0;
}

/* pilcrow */
a.pilcrow {
  color: #666; /* Arlen: AHDJ 2019 */
  text-decoration: none;
  visibility: hidden;
  user-select: none;
  -ms-user-select: none;
  -o-user-select:none;
  -moz-user-select: none;
  -khtml-user-select: none;
  -webkit-user-select: none;
  -webkit-touch-callout: none;
}
@media screen {
  aside:hover > a.pilcrow,
  p:hover > a.pilcrow,
  blockquote:hover > a.pilcrow,
  div:hover > a.pilcrow,
  li:hover > a.pilcrow,
  pre:hover > a.pilcrow {
    visibility: visible;
  }
  a.pilcrow:hover {
    background-color: transparent;
  }
}

/* misc */
hr {
  border: 0;
  border-top: 1px solid #eee;
}
.bcp14 {
  font-variant: small-caps;
}

.role {
  font-variant: all-small-caps;
}

/* info block */
#identifiers {
  margin: 0;
  font-size: 0.9em;
}
#identifiers dt {
  width: 3em;
  clear: left;
}
#identifiers dd {
  float: left;
  margin-bottom: 0;
}
#identifiers .authors .author {
  display: inline-block;
  margin-right: 1.5em;
}
#identifiers .authors .org {
  font-style: italic;
}

/* The prepared/rendered info at the very bottom of the page */
.docInfo {
  color: #666; /* Arlen: WCAG 2019 */
  font-size: 0.9em;
  font-style: italic;
  margin-top: 2em;
}
.docInfo .prepared {
  float: left;
}
.docInfo .prepared {
  float: right;
}

/* table of contents */
#toc  {
  padding: 0.75em 0 2em 0;
  margin-bottom: 1em;
}
nav.toc ul {
  margin: 0 0.5em 0 0;
  padding: 0;
  list-style: none;
}
nav.toc li {
  line-height: 1.3em;
  margin: 0.75em 0;
  padding-left: 1.2em;
  text-indent: -1.2em;
}
/* references */
.references dt {
  text-align: right;
  font-weight: bold;
  min-width: 7em;
}
.references dd {
  margin-left: 8em;
  overflow: auto;
}

.refInstance {
  margin-bottom: 1.25em;
}

.references .ascii {
  margin-bottom: 0.25em;
}

/* index */
.index ul {
  margin: 0 0 0 1em;
  padding: 0;
  list-style: none;
}
.index ul ul {
  margin: 0;
}
.index li {
  margin: 0;
  text-indent: -2em;
  padding-left: 2em;
  padding-bottom: 5px;
}
.indexIndex {
  margin: 0.5em 0 1em;
}
.index a {
  font-weight: 700;
}
/* make the index two-column on all but the smallest screens */
@media (min-width: 600px) {
  .index ul {
    -moz-column-count: 2;
    -moz-column-gap: 20px;
  }
  .index ul ul {
    -moz-column-count: 1;
    -moz-column-gap: 0;
  }
}

/* authors */
address.vcard {
  font-style: normal;
  margin: 1em 0;
}

address.vcard .nameRole {
  font-weight: 700;
  margin-left: 0;
}
address.vcard .label {
  font-family: "Noto Sans",Arial,Helvetica,sans-serif;
  margin: 0.5em 0;
}
address.vcard .type {
  display: none;
}
.alternative-contact {
  margin: 1.5em 0 1em;
}
hr.addr {
  border-top: 1px dashed;
  margin: 0;
  color: #ddd;
  max-width: calc(100% - 16px);
}

/* temporary notes */
.rfcEditorRemove::before {
  position: absolute;
  top: 0.2em;
  right: 0.2em;
  padding: 0.2em;
  content: "The RFC Editor will remove this note";
  color: #9e2a00; /* Arlen: WCAG 2019 */
  background-color: #ffd; /* Arlen: WCAG 2019 */
}
.rfcEditorRemove {
  position: relative;
  padding-top: 1.8em;
  background-color: #ffd; /* Arlen: WCAG 2019 */
  border-radius: 3px;
}
.cref {
  background-color: #ffd; /* Arlen: WCAG 2019 */
  padding: 2px 4px;
}
.crefSource {
  font-style: italic;
}
/* alternative layout for smaller screens */
@media screen and (max-width: 1023px) {
  body {
    padding-top: 2em;
  }
  #title {
    padding: 1em 0;
  }
  h1 {
    font-size: 24px;
  }
  h2 {
    font-size: 20px;
    margin-top: -18px;  /* provide offset for in-page anchors */
    padding-top: 38px;
  }
  #identifiers dd {
    max-width: 60%;
  }
  #toc {
    position: fixed;
    z-index: 2;
    top: 0;
    right: 0;
    padding: 0;
    margin: 0;
    background-color: inherit;
    border-bottom: 1px solid #ccc;
  }
  #toc h2 {
    margin: -1px 0 0 0;
    padding: 4px 0 4px 6px;
    padding-right: 1em;
    min-width: 190px;
    font-size: 1.1em;
    text-align: right;
    background-color: #444;
    color: white;
    cursor: pointer;
  }
  #toc h2::before { /* css hamburger */
    float: right;
    position: relative;
    width: 1em;
    height: 1px;
    left: -164px;
    margin: 6px 0 0 0;
    background: white none repeat scroll 0 0;
    box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
    content: "";
  }
  #toc nav {
    display: none;
    padding: 0.5em 1em 1em;
    overflow: auto;
    height: calc(100vh - 48px);
    border-left: 1px solid #ddd;
  }
}

/* alternative layout for wide screens */
@media screen and (min-width: 1024px) {
  body {
    max-width: 724px;
    margin: 42px auto;
    padding-left: 1.5em;
    padding-right: 29em;
  }
  #toc {
    position: fixed;
    top: 42px;
    right: 42px;
    width: 25%;
    margin: 0;
    padding: 0 1em;
    z-index: 1;
  }
  #toc h2 {
    border-top: none;
    border-bottom: 1px solid #ddd;
    font-size: 1em;
    font-weight: normal;
    margin: 0;
    padding: 0.25em 1em 1em 0;
  }
  #toc nav {
    display: block;
    height: calc(90vh - 84px);
    bottom: 0;
    padding: 0.5em 0 0;
    overflow: auto;
  }
  img { /* future proofing */
    max-width: 100%;
    height: auto;
  }
}

/* pagination */
@media print {
  body {

    width: 100%;
  }
  p {
    orphans: 3;
    widows: 3;
  }
  #n-copyright-notice {
    border-bottom: none;
  }
  #toc, #n-introduction {
    page-break-before: always;
  }
  #toc {
    border-top: none;
    padding-top: 0;
  }
  figure, pre {
    page-break-inside: avoid;
  }
  figure {
    overflow: scroll;
  }
  h1, h2, h3, h4, h5, h6 {
    page-break-after: avoid;
  }
  h2+*, h3+*, h4+*, h5+*, h6+* {
    page-break-before: avoid;
  }
  pre {
    white-space: pre-wrap;
    word-wrap: break-word;
    font-size: 10pt;
  }
  table {
    border: 1px solid #ddd;
  }
  td {
    border-top: 1px solid #ddd;
  }
}

/* This is commented out here, as the string-set: doesn't
   pass W3C validation currently */
/*
.ears thead .left {
  string-set: ears-top-left content();
}

.ears thead .center {
  string-set: ears-top-center content();
}

.ears thead .right {
  string-set: ears-top-right content();
}

.ears tfoot .left {
  string-set: ears-bottom-left content();
}

.ears tfoot .center {
  string-set: ears-bottom-center content();
}

.ears tfoot .right {
  string-set: ears-bottom-right content();
}
*/

@page :first {
  padding-top: 0;
  @top-left {
    content: normal;
    border: none;
  }
  @top-center {
    content: normal;
    border: none;
  }
  @top-right {
    content: normal;
    border: none;
  }
}

@page {
  size: A4;
  margin-bottom: 45mm;
  padding-top: 20px;
  /* The follwing is commented out here, but set appropriately by in code, as
     the content depends on the document */
  /*
  @top-left {
    content: 'Internet-Draft';
    vertical-align: bottom;
    border-bottom: solid 1px #ccc;
  }
  @top-left {
    content: string(ears-top-left);
    vertical-align: bottom;
    border-bottom: solid 1px #ccc;
  }
  @top-center {
    content: string(ears-top-center);
    vertical-align: bottom;
    border-bottom: solid 1px #ccc;
  }
  @top-right {
    content: string(ears-top-right);
    vertical-align: bottom;
    border-bottom: solid 1px #ccc;
  }
  @bottom-left {
    content: string(ears-bottom-left);
    vertical-align: top;
    border-top: solid 1px #ccc;
  }
  @bottom-center {
    content: string(ears-bottom-center);
    vertical-align: top;
    border-top: solid 1px #ccc;
  }
  @bottom-right {
      content: '[Page ' counter(page) ']';
      vertical-align: top;
      border-top: solid 1px #ccc;
  }
  */

}

/* Changes introduced to fix issues found during implementation */
/* Make sure links are clickable even if overlapped by following H* */
a {
  z-index: 2;
}
/* Separate body from document info even without intervening H1 */
section {
  clear: both;
}


/* Top align author divs, to avoid names without organization dropping level with org names */
.author {
  vertical-align: top;
}

/* Leave room in document info to show Internet-Draft on one line */
#identifiers dt {
  width: 8em;
}

/* Don't waste quite as much whitespace between label and value in doc info */
#identifiers dd {
  margin-left: 1em;
}

/* Give floating toc a background color (needed when it's a div inside section */
#toc {
  background-color: white;
}

/* Make the collapsed ToC header render white on gray also when it's a link */
@media screen and (max-width: 1023px) {
  #toc h2 a,
  #toc h2 a:link,
  #toc h2 a:focus,
  #toc h2 a:hover,
  #toc a.toplink,
  #toc a.toplink:hover {
    color: white;
    background-color: #444;
    text-decoration: none;
  }
}

/* Give the bottom of the ToC some whitespace */
@media screen and (min-width: 1024px) {
  #toc {
    padding: 0 0 1em 1em;
  }
}

/* Style section numbers with more space between number and title */
.section-number {
  padding-right: 0.5em;
}

/* prevent monospace from becoming overly large */
tt, code, pre, code {
  font-size: 95%;
}

/* Fix the height/width aspect for ascii art*/
pre.sourcecode,
.art-text pre {
  line-height: 1.12;
}


/* Add styling for a link in the ToC that points to the top of the document */
a.toplink {
  float: right;
  margin-right: 0.5em;
}

/* Fix the dl styling to match the RFC 7992 attributes */
dl > dt,
dl.dlParallel > dt {
  float: left;
  margin-right: 1em;
}
dl.dlNewline > dt {
  float: none;
}

/* Provide styling for table cell text alignment */
table td.text-left,
table th.text-left {
  text-align: left;
}
table td.text-center,
table th.text-center {
  text-align: center;
}
table td.text-right,
table th.text-right {
  text-align: right;
}

/* Make the alternative author contact informatio look less like just another
   author, and group it closer with the primary author contact information */
.alternative-contact {
  margin: 0.5em 0 0.25em 0;
}
address .non-ascii {
  margin: 0 0 0 2em;
}

/* With it being possible to set tables with alignment
  left, center, and right, { width: 100%; } does not make sense */
table {
  width: auto;
}

/* Avoid reference text that sits in a block with very wide left margin,
   because of a long floating dt label.*/
.references dd {
  overflow: visible;
}

/* Control caption placement */
caption {
  caption-side: bottom;
}

/* Limit the width of the author address vcard, so names in right-to-left
   script don't end up on the other side of the page. */

address.vcard {
  max-width: 30em;
  margin-right: auto;
}

/* For address alignment dependent on LTR or RTL scripts */
address div.left {
  text-align: left;
}
address div.right {
  text-align: right;
}

/* Provide table alignment support.  We can't use the alignX classes above
   since they do unwanted things with caption and other styling. */
table.right {
 margin-left: auto;
 margin-right: 0;
}
table.center {
 margin-left: auto;
 margin-right: auto;
}
table.left {
 margin-left: 0;
 margin-right: auto;
}

/* Give the table caption label the same styling as the figcaption */
caption a[href] {
  color: #222;
}

@media print {
  .toplink {
    display: none;
  }

  /* avoid overwriting the top border line with the ToC header */
  #toc {
    padding-top: 1px;
  }

  /* Avoid page breaks inside dl and author address entries */
  .vcard {
    page-break-inside: avoid;
  }

}
/* Tweak the bcp14 keyword presentation */
.bcp14 {
  font-variant: small-caps;
  font-weight: bold;
  font-size: 0.9em;
}
/* Tweak the invisible space above H* in order not to overlay links in text above */
 h2 {
  margin-top: -18px;  /* provide offset for in-page anchors */
  padding-top: 31px;
 }
 h3 {
  margin-top: -18px;  /* provide offset for in-page anchors */
  padding-top: 24px;
 }
 h4 {
  margin-top: -18px;  /* provide offset for in-page anchors */
  padding-top: 24px;
 }
/* Float artwork pilcrow to the right */
@media screen {
  .artwork a.pilcrow {
    display: block;
    line-height: 0.7;
    margin-top: 0.15em;
  }
}
/* Make pilcrows on dd visible */
@media screen {
  dd:hover > a.pilcrow {
    visibility: visible;
  }
}
/* Make the placement of figcaption match that of a table's caption
   by removing the figure's added bottom margin */
.alignLeft.art-text,
.alignCenter.art-text,
.alignRight.art-text {
   margin-bottom: 0;
}
.alignLeft,
.alignCenter,
.alignRight {
  margin: 1em 0 0 0;
}
/* In print, the pilcrow won't show on hover, so prevent it from taking up space,
   possibly even requiring a new line */
@media print {
  a.pilcrow {
    display: none;
  }
}
/* Styling for the external metadata */
div#external-metadata {
  background-color: #eee;
  padding: 0.5em;
  margin-bottom: 0.5em;
  display: none;
}
div#internal-metadata {
  padding: 0.5em;                       /* to match the external-metadata padding */
}
/* Styling for title RFC Number */
h1#rfcnum {
  clear: both;
  margin: 0 0 -1em;
  padding: 1em 0 0 0;
}
/* Make .olPercent look the same as <ol><li> */
dl.olPercent > dd {
  margin-bottom: 0.25em;
  min-height: initial;
}
/* Give aside some styling to set it apart */
aside {
  border-left: 1px solid #ddd;
  margin: 1em 0 1em 2em;
  padding: 0.2em 2em;
}
aside > dl,
aside > ol,
aside > ul,
aside > table,
aside > p {
  margin-bottom: 0.5em;
}
/* Additional page break settings */
@media print {
  figcaption, table caption {
    page-break-before: avoid;
  }
}
/* Font size adjustments for print */
@media print {
  body  { font-size: 10pt;      line-height: normal; max-width: 96%; }
  h1    { font-size: 1.72em;    padding-top: 1.5em; } /* 1*1.2*1.2*1.2 */
  h2    { font-size: 1.44em;    padding-top: 1.5em; } /* 1*1.2*1.2 */
  h3    { font-size: 1.2em;     padding-top: 1.5em; } /* 1*1.2 */
  h4    { font-size: 1em;       padding-top: 1.5em; }
  h5, h6 { font-size: 1em;      margin: initial; padding: 0.5em 0 0.3em; }
}
/* Sourcecode margin in print, when there's no pilcrow */
@media print {
  .artwork,
  .sourcecode {
    margin-bottom: 1em;
  }
}
/* Avoid narrow tables forcing too narrow table captions, which may render badly */
table {
  min-width: 20em;
}
/* ol type a */
ol.type-a { list-style-type: lower-alpha; }
ol.type-A { list-style-type: upper-alpha; }
ol.type-i { list-style-type: lower-roman; }
ol.type-I { list-style-type: lower-roman; }
/* Apply the print table and row borders in general, on request from the RPC,
and increase the contrast between border and odd row background sligthtly */
table {
  border: 1px solid #ddd;
}
td {
  border-top: 1px solid #ddd;
}
tr:nth-child(2n+1) > td {
  background-color: #f8f8f8;
}
/* Use style rules to govern display of the TOC. */
@media screen and (max-width: 1023px) {
  #toc nav { display: none; }
  #toc.active nav { display: block; }
}
/* Add support for keepWithNext */
.keepWithNext {
  break-after: avoid-page;
  break-after: avoid-page;
}
/* Add support for keepWithPrevious */
.keepWithPrevious {
  break-before: avoid-page;
}
/* Change the approach to avoiding breaks inside artwork etc. */
figure, pre, table, .artwork, .sourcecode  {
  break-before: avoid-page;
  break-after: auto;
}
/* Avoid breaks between <dt> and <dd> */
dl {
  break-before: auto;
  break-inside: auto;
}
dt {
  break-before: auto;
  break-after: avoid-page;
}
dd {
  break-before: avoid-page;
  break-after: auto;
  orphans: 3;
  widows: 3
}
span.break, dd.break {
  margin-bottom: 0;
  min-height: 0;
  break-before: auto;
  break-inside: auto;
  break-after: auto;
}
/* Undo break-before ToC */
@media print {
  #toc {
    break-before: auto;
  }
}
/* Text in compact lists should not get extra bottim margin space,
   since that would makes the list not compact */
ul.compact p, .ulCompact p,
ol.compact p, .olCompact p {
 margin: 0;
}
/* But the list as a whole needs the extra space at the end */
section ul.compact,
section .ulCompact,
section ol.compact,
section .olCompact {
  margin-bottom: 1em;                    /* same as p not within ul.compact etc. */
}
/* The tt and code background above interferes with for instance table cell
   backgrounds.  Changed to something a bit more selective. */
tt, code {
  background-color: transparent;
}
p tt, p code, li tt, li code {
  background-color: #f8f8f8;
}
/* Tweak the pre margin -- 0px doesn't come out well */
pre {
   margin-top: 0.5px;
}
/* Tweak the comact list text */
ul.compact, .ulCompact,
ol.compact, .olCompact,
dl.compact, .dlCompact {
  line-height: normal;
}
/* Don't add top margin for nested lists */
li > ul, li > ol, li > dl,
dd > ul, dd > ol, dd > dl,
dl > dd > dl {
  margin-top: initial;
}
/* Elements that should not be rendered on the same line as a <dt> */
/* This should match the element list in writer.text.TextWriter.render_dl() */
dd > div.artwork:first-child,
dd > aside:first-child,
dd > figure:first-child,
dd > ol:first-child,
dd > div:first-child > pre.sourcecode,
dd > table:first-child,
dd > ul:first-child {
  clear: left;
}
/* fix for weird browser behaviour when <dd/> is empty */
dt+dd:empty::before{
  content: "\00a0";
}
/* Make paragraph spacing inside <li> smaller than in body text, to fit better within the list */
li > p {
  margin-bottom: 0.5em
}
/* Don't let p margin spill out from inside list items */
li > p:last-of-type {
  margin-bottom: 0;
}
</style>
<link href="rfc-local.css" rel="stylesheet" type="text/css">
<link href="https://dx.doi.org/10.17487/rfc8996" rel="alternate">
  <link href="urn:issn:2070-1721" rel="alternate">
  <link href="https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate-12" rel="prev">
  </head>
<body>
<script src="https://www.rfc-editor.org/js/metadata.min.js"></script>
<table class="ears">
<thead><tr>
<td class="left">RFC 8996</td>
<td class="center">Deprecating TLS 1.0 and TLS 1.1</td>
<td class="right">March 2021</td>
</tr></thead>
<tfoot><tr>
<td class="left">Moriarty &amp; Farrell</td>
<td class="center">Best Current Practice</td>
<td class="right">[Page]</td>
</tr></tfoot>
</table>
<div id="external-metadata" class="document-information"></div>
<div id="internal-metadata" class="document-information">
<dl id="identifiers">
<dt class="label-stream">Stream:</dt>
<dd class="stream">Internet Engineering Task Force (IETF)</dd>
<dt class="label-rfc">RFC:</dt>
<dd class="rfc"><a href="https://www.rfc-editor.org/rfc/rfc8996" class="eref">8996</a></dd>
<dt class="label-bcp">BCP:</dt>
<dd class="bcp">195</dd>
<dt class="label-obsoletes">Obsoletes:</dt>
<dd class="obsoletes">
<a href="https://www.rfc-editor.org/rfc/rfc5469" class="eref">5469</a>, <a href="https://www.rfc-editor.org/rfc/rfc7507" class="eref">7507</a> </dd>
<dt class="label-updates">Updates:</dt>
<dd class="updates">
<a href="https://www.rfc-editor.org/rfc/rfc3261" class="eref">3261</a>, <a href="https://www.rfc-editor.org/rfc/rfc3329" class="eref">3329</a>, <a href="https://www.rfc-editor.org/rfc/rfc3436" class="eref">3436</a>, <a href="https://www.rfc-editor.org/rfc/rfc3470" class="eref">3470</a>, <a href="https://www.rfc-editor.org/rfc/rfc3501" class="eref">3501</a>, <a href="https://www.rfc-editor.org/rfc/rfc3552" class="eref">3552</a>, <a href="https://www.rfc-editor.org/rfc/rfc3568" class="eref">3568</a>, <a href="https://www.rfc-editor.org/rfc/rfc3656" class="eref">3656</a>, <a href="https://www.rfc-editor.org/rfc/rfc3749" class="eref">3749</a>, <a href="https://www.rfc-editor.org/rfc/rfc3767" class="eref">3767</a>, <a href="https://www.rfc-editor.org/rfc/rfc3856" class="eref">3856</a>, <a href="https://www.rfc-editor.org/rfc/rfc3871" class="eref">3871</a>, <a href="https://www.rfc-editor.org/rfc/rfc3887" class="eref">3887</a>, <a href="https://www.rfc-editor.org/rfc/rfc3903" class="eref">3903</a>, <a href="https://www.rfc-editor.org/rfc/rfc3943" class="eref">3943</a>, <a href="https://www.rfc-editor.org/rfc/rfc3983" class="eref">3983</a>, <a href="https://www.rfc-editor.org/rfc/rfc4097" class="eref">4097</a>, <a href="https://www.rfc-editor.org/rfc/rfc4111" class="eref">4111</a>, <a href="https://www.rfc-editor.org/rfc/rfc%E2%80%8B%204162" class="eref">​ 4162</a>, <a href="https://www.rfc-editor.org/rfc/rfc4168" class="eref">4168</a>, <a href="https://www.rfc-editor.org/rfc/rfc4217" class="eref">4217</a>, <a href="https://www.rfc-editor.org/rfc/rfc4235" class="eref">4235</a>, <a href="https://www.rfc-editor.org/rfc/rfc4261" class="eref">4261</a>, <a href="https://www.rfc-editor.org/rfc/rfc4279" class="eref">4279</a>, <a href="https://www.rfc-editor.org/rfc/rfc4497" class="eref">4497</a>, <a href="https://www.rfc-editor.org/rfc/rfc4513" class="eref">4513</a>, <a href="https://www.rfc-editor.org/rfc/rfc4531" class="eref">4531</a>, <a href="https://www.rfc-editor.org/rfc/rfc4540" class="eref">4540</a>, <a href="https://www.rfc-editor.org/rfc/rfc4582" class="eref">4582</a>, <a href="https://www.rfc-editor.org/rfc/rfc4616" class="eref">4616</a>, <a href="https://www.rfc-editor.org/rfc/rfc4642" class="eref">4642</a>, <a href="https://www.rfc-editor.org/rfc/rfc4680" class="eref">4680</a>, <a href="https://www.rfc-editor.org/rfc/rfc4681" class="eref">4681</a>, <a href="https://www.rfc-editor.org/rfc/rfc4712" class="eref">4712</a>, <a href="https://www.rfc-editor.org/rfc/rfc4732" class="eref">4732</a>, <a href="https://www.rfc-editor.org/rfc/rfc4743" class="eref">4743</a>, <a href="https://www.rfc-editor.org/rfc/rfc%E2%80%8B%204744" class="eref">​ 4744</a>, <a href="https://www.rfc-editor.org/rfc/rfc4785" class="eref">4785</a>, <a href="https://www.rfc-editor.org/rfc/rfc4791" class="eref">4791</a>, <a href="https://www.rfc-editor.org/rfc/rfc4823" class="eref">4823</a>, <a href="https://www.rfc-editor.org/rfc/rfc4851" class="eref">4851</a>, <a href="https://www.rfc-editor.org/rfc/rfc4964" class="eref">4964</a>, <a href="https://www.rfc-editor.org/rfc/rfc4975" class="eref">4975</a>, <a href="https://www.rfc-editor.org/rfc/rfc4976" class="eref">4976</a>, <a href="https://www.rfc-editor.org/rfc/rfc4992" class="eref">4992</a>, <a href="https://www.rfc-editor.org/rfc/rfc5018" class="eref">5018</a>, <a href="https://www.rfc-editor.org/rfc/rfc5019" class="eref">5019</a>, <a href="https://www.rfc-editor.org/rfc/rfc5023" class="eref">5023</a>, <a href="https://www.rfc-editor.org/rfc/rfc5024" class="eref">5024</a>, <a href="https://www.rfc-editor.org/rfc/rfc5049" class="eref">5049</a>, <a href="https://www.rfc-editor.org/rfc/rfc5054" class="eref">5054</a>, <a href="https://www.rfc-editor.org/rfc/rfc5091" class="eref">5091</a>, <a href="https://www.rfc-editor.org/rfc/rfc5158" class="eref">5158</a>, <a href="https://www.rfc-editor.org/rfc/rfc5216" class="eref">5216</a>, <a href="https://www.rfc-editor.org/rfc/rfc%E2%80%8B%205238" class="eref">​ 5238</a>, <a href="https://www.rfc-editor.org/rfc/rfc5263" class="eref">5263</a>, <a href="https://www.rfc-editor.org/rfc/rfc5281" class="eref">5281</a>, <a href="https://www.rfc-editor.org/rfc/rfc5364" class="eref">5364</a>, <a href="https://www.rfc-editor.org/rfc/rfc5415" class="eref">5415</a>, <a href="https://www.rfc-editor.org/rfc/rfc5422" class="eref">5422</a>, <a href="https://www.rfc-editor.org/rfc/rfc5456" class="eref">5456</a>, <a href="https://www.rfc-editor.org/rfc/rfc5734" class="eref">5734</a>, <a href="https://www.rfc-editor.org/rfc/rfc5878" class="eref">5878</a>, <a href="https://www.rfc-editor.org/rfc/rfc5953" class="eref">5953</a>, <a href="https://www.rfc-editor.org/rfc/rfc6012" class="eref">6012</a>, <a href="https://www.rfc-editor.org/rfc/rfc6042" class="eref">6042</a>, <a href="https://www.rfc-editor.org/rfc/rfc6083" class="eref">6083</a>, <a href="https://www.rfc-editor.org/rfc/rfc6084" class="eref">6084</a>, <a href="https://www.rfc-editor.org/rfc/rfc6176" class="eref">6176</a>, <a href="https://www.rfc-editor.org/rfc/rfc6347" class="eref">6347</a>, <a href="https://www.rfc-editor.org/rfc/rfc6353" class="eref">6353</a>, <a href="https://www.rfc-editor.org/rfc/rfc6367" class="eref">6367</a>, <a href="https://www.rfc-editor.org/rfc/rfc%E2%80%8B%206460" class="eref">​ 6460</a>, <a href="https://www.rfc-editor.org/rfc/rfc6614" class="eref">6614</a>, <a href="https://www.rfc-editor.org/rfc/rfc6739" class="eref">6739</a>, <a href="https://www.rfc-editor.org/rfc/rfc6749" class="eref">6749</a>, <a href="https://www.rfc-editor.org/rfc/rfc6750" class="eref">6750</a>, <a href="https://www.rfc-editor.org/rfc/rfc7030" class="eref">7030</a>, <a href="https://www.rfc-editor.org/rfc/rfc7465" class="eref">7465</a>, <a href="https://www.rfc-editor.org/rfc/rfc7525" class="eref">7525</a>, <a href="https://www.rfc-editor.org/rfc/rfc7562" class="eref">7562</a>, <a href="https://www.rfc-editor.org/rfc/rfc7568" class="eref">7568</a>, <a href="https://www.rfc-editor.org/rfc/rfc8261" class="eref">8261</a>, <a href="https://www.rfc-editor.org/rfc/rfc8422" class="eref">8422</a> </dd>
<dt class="label-category">Category:</dt>
<dd class="category">Best Current Practice</dd>
<dt class="label-published">Published:</dt>
<dd class="published">
<time datetime="2021-03" class="published">March 2021</time>
    </dd>
<dt class="label-issn">ISSN:</dt>
<dd class="issn">2070-1721</dd>
<dt class="label-authors">Authors:</dt>
<dd class="authors">
<div class="author">
      <div class="author-name">K. Moriarty</div>
<div class="org">CIS</div>
</div>
<div class="author">
      <div class="author-name">S. Farrell</div>
<div class="org">Trinity College Dublin</div>
</div>
</dd>
</dl>
</div>
<h1 id="rfcnum">RFC 8996</h1>
<h1 id="title">Deprecating TLS 1.0 and TLS 1.1</h1>
<section id="section-abstract">
      <h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
<p id="section-abstract-1">

            This document formally deprecates Transport Layer
            Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346).
            Accordingly, those documents have been moved
            to Historic status. These versions lack support for current
            and recommended cryptographic algorithms and mechanisms, and
            various government and industry profiles of applications using
            TLS now mandate avoiding these old TLS versions. TLS version 1.2
            became the recommended version for IETF protocols in 2008
            (subsequently being obsoleted by TLS version 1.3 in 2018), providing
            sufficient time to transition away from older versions.
            Removing support for older versions from implementations reduces the
            attack surface, reduces opportunity for misconfiguration, and
            streamlines library and product maintenance.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
<p id="section-abstract-2">This document also deprecates Datagram TLS (DTLS) version 1.0 
      (RFC 4347) but not DTLS version 1.2, and there is no DTLS
      version 1.1.<a href="#section-abstract-2" class="pilcrow">¶</a></p>
<p id="section-abstract-3">This document updates many RFCs that normatively refer to TLS version 1.0 or
      TLS version 1.1, as described herein. This document also updates the best
      practices for TLS usage in RFC 7525; hence, it is part of BCP 195.<a href="#section-abstract-3" class="pilcrow">¶</a></p>
</section>
<div id="status-of-memo">
<section id="section-boilerplate.1">
        <h2 id="name-status-of-this-memo">
<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a>
        </h2>
<p id="section-boilerplate.1-1">
            This memo documents an Internet Best Current Practice.<a href="#section-boilerplate.1-1" class="pilcrow">¶</a></p>
<p id="section-boilerplate.1-2">
            This document is a product of the Internet Engineering Task Force
            (IETF).  It represents the consensus of the IETF community.  It has
            received public review and has been approved for publication by
            the Internet Engineering Steering Group (IESG).  Further information
            on BCPs is available in Section 2 of RFC 7841.<a href="#section-boilerplate.1-2" class="pilcrow">¶</a></p>
<p id="section-boilerplate.1-3">
            Information about the current status of this document, any
            errata, and how to provide feedback on it may be obtained at
            <span><a href="https://www.rfc-editor.org/info/rfc8996">https://www.rfc-editor.org/info/rfc8996</a></span>.<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
</section>
</div>
<div id="copyright">
<section id="section-boilerplate.2">
        <h2 id="name-copyright-notice">
<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a>
        </h2>
<p id="section-boilerplate.2-1">
            Copyright (c) 2021 IETF Trust and the persons identified as the
            document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow">¶</a></p>
<p id="section-boilerplate.2-2">
            This document is subject to BCP 78 and the IETF Trust's Legal
            Provisions Relating to IETF Documents
            (<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of
            publication of this document. Please review these documents
            carefully, as they describe your rights and restrictions with
            respect to this document. Code Components extracted from this
            document must include Simplified BSD License text as described in
            Section 4.e of the Trust Legal Provisions and are provided without
            warranty as described in the Simplified BSD License.<a href="#section-boilerplate.2-2" class="pilcrow">¶</a></p>
</section>
</div>
<div id="toc">
<section id="section-toc.1">
        <a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents">
<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
        </h2>
<nav class="toc"><ul class="compact toc ulEmpty">
<li class="compact toc ulEmpty" id="section-toc.1-1.1">
            <p id="section-toc.1-1.1.1" class="keepWithNext"><a href="#section-1" class="xref">1</a>.  <a href="#name-introduction" class="xref">Introduction</a></p>
<ul class="compact toc ulEmpty">
<li class="compact toc ulEmpty" id="section-toc.1-1.1.2.1">
                <p id="section-toc.1-1.1.2.1.1" class="keepWithNext"><a href="#section-1.1" class="xref">1.1</a>.  <a href="#name-rfcs-updated" class="xref">RFCs Updated</a></p>
</li>
              <li class="compact toc ulEmpty" id="section-toc.1-1.1.2.2">
                <p id="section-toc.1-1.1.2.2.1" class="keepWithNext"><a href="#section-1.2" class="xref">1.2</a>.  <a href="#name-terminology" class="xref">Terminology</a></p>
</li>
            </ul>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.2">
            <p id="section-toc.1-1.2.1"><a href="#section-2" class="xref">2</a>.  <a href="#name-support-for-deprecation" class="xref">Support for Deprecation</a></p>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.3">
            <p id="section-toc.1-1.3.1"><a href="#section-3" class="xref">3</a>.  <a href="#name-sha-1-usage-problematic-in-" class="xref">SHA-1 Usage Problematic in TLS 1.0 and TLS 1.1</a></p>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.4">
            <p id="section-toc.1-1.4.1"><a href="#section-4" class="xref">4</a>.  <a href="#name-do-not-use-tls-10" class="xref">Do Not Use TLS 1.0</a></p>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.5">
            <p id="section-toc.1-1.5.1"><a href="#section-5" class="xref">5</a>.  <a href="#name-do-not-use-tls-11" class="xref">Do Not Use TLS 1.1</a></p>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.6">
            <p id="section-toc.1-1.6.1"><a href="#section-6" class="xref">6</a>.  <a href="#name-updates-to-rfc-7525" class="xref">Updates to RFC 7525</a></p>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.7">
            <p id="section-toc.1-1.7.1"><a href="#section-7" class="xref">7</a>.  <a href="#name-operational-considerations" class="xref">Operational Considerations</a></p>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.8">
            <p id="section-toc.1-1.8.1"><a href="#section-8" class="xref">8</a>.  <a href="#name-security-considerations" class="xref">Security Considerations</a></p>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.9">
            <p id="section-toc.1-1.9.1"><a href="#section-9" class="xref">9</a>.  <a href="#name-iana-considerations" class="xref">IANA Considerations</a></p>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.10">
            <p id="section-toc.1-1.10.1"><a href="#section-10" class="xref">10</a>. <a href="#name-references" class="xref">References</a></p>
<ul class="compact toc ulEmpty">
<li class="compact toc ulEmpty" id="section-toc.1-1.10.2.1">
                <p id="section-toc.1-1.10.2.1.1"><a href="#section-10.1" class="xref">10.1</a>.  <a href="#name-normative-references" class="xref">Normative References</a></p>
</li>
              <li class="compact toc ulEmpty" id="section-toc.1-1.10.2.2">
                <p id="section-toc.1-1.10.2.2.1"><a href="#section-10.2" class="xref">10.2</a>.  <a href="#name-informative-references" class="xref">Informative References</a></p>
</li>
            </ul>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.11">
            <p id="section-toc.1-1.11.1"><a href="#section-appendix.a" class="xref"></a><a href="#name-acknowledgements" class="xref">Acknowledgements</a></p>
</li>
          <li class="compact toc ulEmpty" id="section-toc.1-1.12">
            <p id="section-toc.1-1.12.1"><a href="#section-appendix.b" class="xref"></a><a href="#name-authors-addresses" class="xref">Authors' Addresses</a></p>
</li>
        </ul>
</nav>
</section>
</div>
<section id="section-1">
      <h2 id="name-introduction">
<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
      </h2>
<p id="section-1-1">Transport Layer Security (TLS) versions 1.0 <span>[<a href="#RFC2246" class="xref">RFC2246</a>]</span>
      and 1.1 <span>[<a href="#RFC4346" class="xref">RFC4346</a>]</span> were superseded by TLS 1.2 <span>[<a href="#RFC5246" class="xref">RFC5246</a>]</span> in 2008, which has now itself been superseded by
      TLS 1.3 <span>[<a href="#RFC8446" class="xref">RFC8446</a>]</span>. Datagram Transport Layer Security
      (DTLS) version 1.0 <span>[<a href="#RFC4347" class="xref">RFC4347</a>]</span> was superseded by DTLS 1.2
      <span>[<a href="#RFC6347" class="xref">RFC6347</a>]</span> in 2012.  Therefore, it is timely to further
          deprecate TLS 1.0, TLS 1.1, and DTLS 1.0.
      Accordingly, the aforementioned documents have been moved to Historic status.<a href="#section-1-1" class="pilcrow">¶</a></p>
<p id="section-1-2">Technical reasons for deprecating these versions include:<a href="#section-1-2" class="pilcrow">¶</a></p>
<ul class="compact">
<li class="compact" id="section-1-3.1">They require the implementation of older cipher suites that are no
          longer desirable for cryptographic reasons, e.g., TLS 1.0 makes
          TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA mandatory to implement.<a href="#section-1-3.1" class="pilcrow">¶</a>
</li>
        <li class="compact" id="section-1-3.2">There is a lack of support for current recommended cipher suites, especially
          authenticated encryption with associated data (AEAD) ciphers, 
   which were not supported prior to TLS 1.2. Note that
          registry entries for no-longer-desirable ciphersuites remain in the
          registries, but many TLS registries were updated by <span>[<a href="#RFC8447" class="xref">RFC8447</a>]</span>, which indicates that such entries are not
          recommended by the IETF.<a href="#section-1-3.2" class="pilcrow">¶</a>
</li>
        <li class="compact" id="section-1-3.3">The integrity of the handshake depends on SHA-1 hash.<a href="#section-1-3.3" class="pilcrow">¶</a>
</li>
        <li class="compact" id="section-1-3.4">The authentication of the peers depends on SHA-1 signatures.<a href="#section-1-3.4" class="pilcrow">¶</a>
</li>
        <li class="compact" id="section-1-3.5">Support for four TLS protocol versions increases the likelihood of
          misconfiguration.<a href="#section-1-3.5" class="pilcrow">¶</a>
</li>
        <li class="compact" id="section-1-3.6">At least one widely used library has plans to drop TLS 1.1 and
          TLS 1.0 support in upcoming releases; products using such libraries
          would need to use older versions of the libraries to support TLS 1.0
          and TLS 1.1, which is clearly undesirable.<a href="#section-1-3.6" class="pilcrow">¶</a>
</li>
      </ul>
<p id="section-1-4">Deprecation of these versions is intended to assist developers as
      additional justification to no longer support older (D)TLS versions and to
      migrate to a minimum of (D)TLS 1.2. Deprecation also assists product teams
      with phasing out support for the older versions, to reduce the attack
      surface and the scope of maintenance for protocols in their
      offerings.<a href="#section-1-4" class="pilcrow">¶</a></p>
<div id="updates">
<section id="section-1.1">
        <h3 id="name-rfcs-updated">
<a href="#section-1.1" class="section-number selfRef">1.1. </a><a href="#name-rfcs-updated" class="section-name selfRef">RFCs Updated</a>
        </h3>
<p id="section-1.1-1">This document updates the following RFCs that normatively reference
        TLS 1.0, TLS 1.1, or DTLS 1.0. The update is to obsolete usage of
        these older versions. Fallback to these versions is prohibited
        through this update. Specific references to mandatory minimum protocol
        versions of TLS 1.0 or TLS 1.1 are replaced by TLS 1.2, and references
        to minimum protocol version DTLS 1.0 are replaced by DTLS 1.2.
        Statements that "TLS 1.0 is the most widely deployed version and will
        provide the broadest interoperability" are removed without
        replacement.<a href="#section-1.1-1" class="pilcrow">¶</a></p>
<p id="section-1.1-2">
          <span>[<a href="#RFC3261" class="xref">RFC3261</a>]</span>
          <span>[<a href="#RFC3329" class="xref">RFC3329</a>]</span>
          <span>[<a href="#RFC3436" class="xref">RFC3436</a>]</span>
          <span>[<a href="#RFC3470" class="xref">RFC3470</a>]</span>
          <span>[<a href="#RFC3501" class="xref">RFC3501</a>]</span>
          <span>[<a href="#RFC3552" class="xref">RFC3552</a>]</span>
          <span>[<a href="#RFC3568" class="xref">RFC3568</a>]</span>
          <span>[<a href="#RFC3656" class="xref">RFC3656</a>]</span>
          <span>[<a href="#RFC3749" class="xref">RFC3749</a>]</span>
          <span>[<a href="#RFC3767" class="xref">RFC3767</a>]</span>
          <span>[<a href="#RFC3856" class="xref">RFC3856</a>]</span>
          <span>[<a href="#RFC3871" class="xref">RFC3871</a>]</span>
          <span>[<a href="#RFC3887" class="xref">RFC3887</a>]</span>
          <span>[<a href="#RFC3903" class="xref">RFC3903</a>]</span>
          <span>[<a href="#RFC3943" class="xref">RFC3943</a>]</span>
          <span>[<a href="#RFC3983" class="xref">RFC3983</a>]</span>
          <span>[<a href="#RFC4097" class="xref">RFC4097</a>]</span>
          <span>[<a href="#RFC4111" class="xref">RFC4111</a>]</span>
          <span>[<a href="#RFC4162" class="xref">RFC4162</a>]</span>
          <span>[<a href="#RFC4168" class="xref">RFC4168</a>]</span>
          <span>[<a href="#RFC4217" class="xref">RFC4217</a>]</span>
          <span>[<a href="#RFC4235" class="xref">RFC4235</a>]</span>
          <span>[<a href="#RFC4261" class="xref">RFC4261</a>]</span>
          <span>[<a href="#RFC4279" class="xref">RFC4279</a>]</span>
          <span>[<a href="#RFC4497" class="xref">RFC4497</a>]</span>
          <span>[<a href="#RFC4513" class="xref">RFC4513</a>]</span>
          <span>[<a href="#RFC4531" class="xref">RFC4531</a>]</span>
          <span>[<a href="#RFC4540" class="xref">RFC4540</a>]</span>
          <span>[<a href="#RFC4582" class="xref">RFC4582</a>]</span>
          <span>[<a href="#RFC4616" class="xref">RFC4616</a>]</span>
          <span>[<a href="#RFC4642" class="xref">RFC4642</a>]</span>
          <span>[<a href="#RFC4680" class="xref">RFC4680</a>]</span>
          <span>[<a href="#RFC4681" class="xref">RFC4681</a>]</span>
          <span>[<a href="#RFC4712" class="xref">RFC4712</a>]</span>
          <span>[<a href="#RFC4732" class="xref">RFC4732</a>]</span>
          <span>[<a href="#RFC4785" class="xref">RFC4785</a>]</span>
          <span>[<a href="#RFC4791" class="xref">RFC4791</a>]</span>
          <span>[<a href="#RFC4823" class="xref">RFC4823</a>]</span>
          <span>[<a href="#RFC4851" class="xref">RFC4851</a>]</span>
          <span>[<a href="#RFC4964" class="xref">RFC4964</a>]</span>
          <span>[<a href="#RFC4975" class="xref">RFC4975</a>]</span>
          <span>[<a href="#RFC4976" class="xref">RFC4976</a>]</span>
          <span>[<a href="#RFC4992" class="xref">RFC4992</a>]</span>
          <span>[<a href="#RFC5018" class="xref">RFC5018</a>]</span>
          <span>[<a href="#RFC5019" class="xref">RFC5019</a>]</span>
          <span>[<a href="#RFC5023" class="xref">RFC5023</a>]</span>
          <span>[<a href="#RFC5024" class="xref">RFC5024</a>]</span>
          <span>[<a href="#RFC5049" class="xref">RFC5049</a>]</span>
          <span>[<a href="#RFC5054" class="xref">RFC5054</a>]</span>
          <span>[<a href="#RFC5091" class="xref">RFC5091</a>]</span>
          <span>[<a href="#RFC5158" class="xref">RFC5158</a>]</span>
          <span>[<a href="#RFC5216" class="xref">RFC5216</a>]</span>
          <span>[<a href="#RFC5238" class="xref">RFC5238</a>]</span>
          <span>[<a href="#RFC5263" class="xref">RFC5263</a>]</span>
          <span>[<a href="#RFC5281" class="xref">RFC5281</a>]</span>
          <span>[<a href="#RFC5364" class="xref">RFC5364</a>]</span>
          <span>[<a href="#RFC5415" class="xref">RFC5415</a>]</span>
          <span>[<a href="#RFC5422" class="xref">RFC5422</a>]</span>
          <span>[<a href="#RFC5456" class="xref">RFC5456</a>]</span>
          <span>[<a href="#RFC5734" class="xref">RFC5734</a>]</span>
          <span>[<a href="#RFC5878" class="xref">RFC5878</a>]</span>
          <span>[<a href="#RFC6012" class="xref">RFC6012</a>]</span>
          <span>[<a href="#RFC6042" class="xref">RFC6042</a>]</span>
          <span>[<a href="#RFC6083" class="xref">RFC6083</a>]</span>
          <span>[<a href="#RFC6084" class="xref">RFC6084</a>]</span>
          <span>[<a href="#RFC6176" class="xref">RFC6176</a>]</span>
          <span>[<a href="#RFC6353" class="xref">RFC6353</a>]</span>
          <span>[<a href="#RFC6367" class="xref">RFC6367</a>]</span>
          <span>[<a href="#RFC6739" class="xref">RFC6739</a>]</span>
          <span>[<a href="#RFC6749" class="xref">RFC6749</a>]</span>
          <span>[<a href="#RFC6750" class="xref">RFC6750</a>]</span>
          <span>[<a href="#RFC7030" class="xref">RFC7030</a>]</span>
          <span>[<a href="#RFC7465" class="xref">RFC7465</a>]</span>
          <span>[<a href="#RFC7525" class="xref">RFC7525</a>]</span>
          <span>[<a href="#RFC7562" class="xref">RFC7562</a>]</span>
          <span>[<a href="#RFC7568" class="xref">RFC7568</a>]</span>
          <span>[<a href="#RFC8261" class="xref">RFC8261</a>]</span>
          <span>[<a href="#RFC8422" class="xref">RFC8422</a>]</span><a href="#section-1.1-2" class="pilcrow">¶</a></p>
<p id="section-1.1-3">The status of <span>[<a href="#RFC7562" class="xref">RFC7562</a>]</span>, <span>[<a href="#RFC6042" class="xref">RFC6042</a>]</span>,
 <span>[<a href="#RFC5456" class="xref">RFC5456</a>]</span>, <span>[<a href="#RFC5024" class="xref">RFC5024</a>]</span>,
 <span>[<a href="#RFC4540" class="xref">RFC4540</a>]</span>, and <span>[<a href="#RFC3656" class="xref">RFC3656</a>]</span> will be
 updated with permission of the Independent Submissions Editor.<a href="#section-1.1-3" class="pilcrow">¶</a></p>
<p id="section-1.1-4">In addition, these RFCs normatively refer to TLS 1.0 or TLS 1.1 and
        have already been obsoleted; they are still listed here and marked as
        updated by this document in order to reiterate that any usage of the
            obsolete protocol should use modern TLS: 
         <span>[<a href="#RFC3316" class="xref">RFC3316</a>]</span>,
         <span>[<a href="#RFC3489" class="xref">RFC3489</a>]</span>, 
         <span>[<a href="#RFC3546" class="xref">RFC3546</a>]</span>,
         <span>[<a href="#RFC3588" class="xref">RFC3588</a>]</span>, 
                <span>[<a href="#RFC3734" class="xref">RFC3734</a>]</span>, 
 <span>[<a href="#RFC3920" class="xref">RFC3920</a>]</span>, 
 <span>[<a href="#RFC4132" class="xref">RFC4132</a>]</span>, 
 <span>[<a href="#RFC4244" class="xref">RFC4244</a>]</span>,
 <span>[<a href="#RFC4347" class="xref">RFC4347</a>]</span>,
 <span>[<a href="#RFC4366" class="xref">RFC4366</a>]</span>, 
 <span>[<a href="#RFC4492" class="xref">RFC4492</a>]</span>,
 <span>[<a href="#RFC4507" class="xref">RFC4507</a>]</span>,
 <span>[<a href="#RFC4572" class="xref">RFC4572</a>]</span>,
 <span>[<a href="#RFC4582" class="xref">RFC4582</a>]</span>, 
 <span>[<a href="#RFC4934" class="xref">RFC4934</a>]</span>,
 <span>[<a href="#RFC5077" class="xref">RFC5077</a>]</span>, 
 <span>[<a href="#RFC5081" class="xref">RFC5081</a>]</span>, 
 <span>[<a href="#RFC5101" class="xref">RFC5101</a>]</span>, and
 <span>[<a href="#RFC5953" class="xref">RFC5953</a>]</span>.<a href="#section-1.1-4" class="pilcrow">¶</a></p>
<p id="section-1.1-5">Note that <span>[<a href="#RFC4642" class="xref">RFC4642</a>]</span> has already been
        updated by <span>[<a href="#RFC8143" class="xref">RFC8143</a>]</span>, which makes an overlapping, but
        not quite identical, update as this document.<a href="#section-1.1-5" class="pilcrow">¶</a></p>
<p id="section-1.1-6"><span>[<a href="#RFC6614" class="xref">RFC6614</a>]</span> has a requirement for TLS 1.1 or later, although it
            only makes an informative reference to <span>[<a href="#RFC4346" class="xref">RFC4346</a>]</span>.
            This requirement is updated to be for TLS 1.2 or later.<a href="#section-1.1-6" class="pilcrow">¶</a></p>
<p id="section-1.1-7"><span>[<a href="#RFC6460" class="xref">RFC6460</a>]</span>, <span>[<a href="#RFC4744" class="xref">RFC4744</a>]</span>, and <span>[<a href="#RFC4743" class="xref">RFC4743</a>]</span>
 are already Historic; they are still listed here and marked as
        updated by this document in order to reiterate that any usage of the
        obsolete protocol should use modern TLS.<a href="#section-1.1-7" class="pilcrow">¶</a></p>
<p id="section-1.1-8">This document updates DTLS <span>[<a href="#RFC6347" class="xref">RFC6347</a>]</span>.  <span>[<a href="#RFC6347" class="xref">RFC6347</a>]</span> had allowed for negotiating the use of DTLS 1.0,
        which is now forbidden.<a href="#section-1.1-8" class="pilcrow">¶</a></p>
<p id="section-1.1-9">The DES and International Data Encryption Algorithm (IDEA) cipher suites 
 specified in <span>[<a href="#RFC5469" class="xref">RFC5469</a>]</span> were specifically removed from TLS 1.2 by
        <span>[<a href="#RFC5246" class="xref">RFC5246</a>]</span>; since the only versions of TLS for which
        their usage is defined are now Historic, <span>[<a href="#RFC5469" class="xref">RFC5469</a>]</span> has been
        moved to Historic as well.<a href="#section-1.1-9" class="pilcrow">¶</a></p>
<p id="section-1.1-10">The version-fallback Signaling Cipher Suite Value specified in
        <span>[<a href="#RFC7507" class="xref">RFC7507</a>]</span> was defined to detect when a given client
        and server negotiate a lower version of (D)TLS than their highest
        shared version.  TLS 1.3 (<span>[<a href="#RFC8446" class="xref">RFC8446</a>]</span>) incorporates a
        different mechanism that achieves this purpose, via sentinel values in
        the ServerHello.Random field.  With (D)TLS versions prior to 1.2 fully
        deprecated, the only way for (D)TLS implementations to negotiate a
        lower version than their highest shared version would be to negotiate
        (D)TLS 1.2 while supporting (D)TLS 1.3; supporting (D)TLS 1.3 implies
        support for the ServerHello.Random mechanism.  Accordingly, the
        functionality from <span>[<a href="#RFC7507" class="xref">RFC7507</a>]</span> has been superseded, and
        this document marks it as Obsolete.<a href="#section-1.1-10" class="pilcrow">¶</a></p>
</section>
</div>
<section id="section-1.2">
        <h3 id="name-terminology">
<a href="#section-1.2" class="section-number selfRef">1.2. </a><a href="#name-terminology" class="section-name selfRef">Terminology</a>
        </h3>
<p id="section-1.2-1">
    The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>", "<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>", "<span class="bcp14">NOT RECOMMENDED</span>",
    "<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document are to be interpreted as
    described in BCP 14 <span>[<a href="#RFC2119" class="xref">RFC2119</a>]</span> <span>[<a href="#RFC8174" class="xref">RFC8174</a>]</span> 
    when, and only when, they appear in all capitals, as shown here.<a href="#section-1.2-1" class="pilcrow">¶</a></p>
</section>
</section>
<div id="support">
<section id="section-2">
      <h2 id="name-support-for-deprecation">
<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-support-for-deprecation" class="section-name selfRef">Support for Deprecation</a>
      </h2>
<p id="section-2-1">Specific details on attacks against TLS 1.0 and TLS 1.1, as well as
      their mitigations, are provided in <span>[<a href="#NIST800-52r2" class="xref">NIST800-52r2</a>]</span>,
      <span>[<a href="#RFC7457" class="xref">RFC7457</a>]</span>, and other
      RFCs referenced therein. Although mitigations for the current known
      vulnerabilities have been developed, any future issues discovered in old
      protocol versions might not be mitigated in older library versions when
      newer library versions do not support those old protocols.<a href="#section-2-1" class="pilcrow">¶</a></p>
<p id="section-2-2">For example, NIST has provided the following rationale, copied with
      permission from Section 1.1, "History of TLS", of <span>[<a href="#NIST800-52r2" class="xref">NIST800-52r2</a>]</span>:<a href="#section-2-2" class="pilcrow">¶</a></p>
<blockquote id="section-2-3">
        <p id="section-2-3.1">TLS 1.1, specified in RFC 4346 [24], was developed to
          address weaknesses discovered in TLS 1.0, primarily in the areas of
          initialization vector selection and padding error processing.
          Initialization vectors were made explicit to prevent a certain class
          of attacks on the Cipher Block Chaining (CBC) mode of operation used
          by TLS. The handling of padding errors was altered to treat a
          padding error as a bad message authentication code rather than a
          decryption failure. In addition, the TLS 1.1 RFC acknowledges
          attacks on CBC mode that rely on the time to compute the message
          authentication code (MAC). The TLS 1.1 specification states that to
          defend against such attacks, an implementation must process records
          in the same manner regardless of whether padding errors exist.
          Further implementation considerations for CBC modes (which were not
          included in RFC 4346 [24]) are discussed in
          Section 3.3.2.<a href="#section-2-3.1" class="pilcrow">¶</a></p>
<p id="section-2-3.2">TLS 1.2, specified in RFC 5246 [25], made
          several cryptographic enhancements, particularly in the area of hash
          functions, with the ability to use or specify the SHA-2 family of
          algorithms for hash, MAC, and Pseudorandom Function (PRF)
          computations. TLS 1.2 also adds authenticated encryption with
          associated data (AEAD) cipher suites.<a href="#section-2-3.2" class="pilcrow">¶</a></p>
<p id="section-2-3.3">TLS 1.3, specified in RFC 8446 [57],
          represents a significant change to TLS that aims to address threats
          that have arisen over the years.  Among the changes are a new handshake protocol, a new key derivation process that uses the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) [37], and the removal of cipher suites that use RSA key transport or static Diffie-Hellman ( DH) [sic] key exchanges, the CBC mode of operation, or SHA-1. Many extensions defined for use with TLS 1.2 and previous versions cannot be used with TLS 1.3.<a href="#section-2-3.3" class="pilcrow">¶</a></p>
</blockquote>
</section>
</div>
<div id="sha-1">
<section id="section-3">
      <h2 id="name-sha-1-usage-problematic-in-">
<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-sha-1-usage-problematic-in-" class="section-name selfRef">SHA-1 Usage Problematic in TLS 1.0 and TLS 1.1</a>
      </h2>
<p id="section-3-1">The integrity of both TLS 1.0 and TLS 1.1 depends on a running SHA-1
      hash of the exchanged messages. This makes it possible to perform a
      downgrade attack on the handshake by an attacker able to perform 2<sup>77</sup>
      operations, well below the acceptable modern security margin.<a href="#section-3-1" class="pilcrow">¶</a></p>
<p id="section-3-2">Similarly, the authentication of the handshake depends on signatures
      made using a SHA-1 hash or a concatenation of MD5 and SHA-1
      hashes that is not appreciably stronger than a SHA-1 hash, allowing the attacker to impersonate a server when it is able to
      break the severely weakened SHA-1 hash.<a href="#section-3-2" class="pilcrow">¶</a></p>
<p id="section-3-3">Neither TLS 1.0 nor TLS 1.1 allows the peers to select a stronger hash
      for signatures in the ServerKeyExchange or CertificateVerify messages,
      making the only upgrade path the use of a newer protocol version.<a href="#section-3-3" class="pilcrow">¶</a></p>
<p id="section-3-4">See <span>[<a href="#Bhargavan2016" class="xref">Bhargavan2016</a>]</span> for additional details.<a href="#section-3-4" class="pilcrow">¶</a></p>
</section>
</div>
<section id="section-4">
      <h2 id="name-do-not-use-tls-10">
<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-do-not-use-tls-10" class="section-name selfRef">Do Not Use TLS 1.0</a>
      </h2>
<p id="section-4-1">TLS 1.0 <span class="bcp14">MUST NOT</span> be used.
      Negotiation of TLS 1.0 from any version of TLS <span class="bcp14">MUST NOT</span> be
      permitted.<a href="#section-4-1" class="pilcrow">¶</a></p>
<p id="section-4-2">Any other version of TLS is more secure than TLS 1.0. While TLS 1.0 can be
      configured to prevent some types of interception, using the highest version
      available is preferred.<a href="#section-4-2" class="pilcrow">¶</a></p>
<p id="section-4-3">Pragmatically, clients <span class="bcp14">MUST NOT</span> send a ClientHello with
      ClientHello.client_version set to {03,01}.  Similarly, servers <span class="bcp14">MUST NOT</span>
      send a ServerHello with ServerHello.server_version set to {03,01}.  Any
      party receiving a Hello message with the protocol version set to {03,01}
      <span class="bcp14">MUST</span> respond with a "protocol_version" alert message and close the
      connection.<a href="#section-4-3" class="pilcrow">¶</a></p>
<p id="section-4-4">Historically, TLS specifications were not clear on what the record
      layer version number (TLSPlaintext.version) could contain when sending
      a ClientHello message. <span><a href="https://www.rfc-editor.org/rfc/rfc5246#appendix-E" class="relref">Appendix E</a> of [<a href="#RFC5246" class="xref">RFC5246</a>]</span> notes that TLSPlaintext.version
      could be selected to maximize interoperability, though no definitive
      value is identified as ideal. That guidance is still applicable;
      therefore, TLS servers <span class="bcp14">MUST</span> accept any value {03,XX} (including {03,00})
      as the record layer version number for ClientHello, but they <span class="bcp14">MUST NOT</span>
      negotiate TLS 1.0.<a href="#section-4-4" class="pilcrow">¶</a></p>
</section>
<section id="section-5">
      <h2 id="name-do-not-use-tls-11">
<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-do-not-use-tls-11" class="section-name selfRef">Do Not Use TLS 1.1</a>
      </h2>
<p id="section-5-1">TLS 1.1 <span class="bcp14">MUST NOT</span> be used. Negotiation of TLS 1.1 from any version of
      TLS <span class="bcp14">MUST NOT</span> be permitted.<a href="#section-5-1" class="pilcrow">¶</a></p>
<p id="section-5-2">Pragmatically, clients <span class="bcp14">MUST NOT</span> send a ClientHello with
      ClientHello.client_version set to {03,02}.  Similarly, servers <span class="bcp14">MUST NOT</span>
      send a ServerHello with ServerHello.server_version set to {03,02}.  Any
      party receiving a Hello message with the protocol version set to {03,02}
      <span class="bcp14">MUST</span> respond with a "protocol_version" alert message and close the
      connection.<a href="#section-5-2" class="pilcrow">¶</a></p>
<p id="section-5-3">Any newer version of TLS is more secure than TLS 1.1. While TLS 1.1 can be
      configured to prevent some types of interception, using the highest version
      available is preferred. Support for TLS 1.1 is dwindling in libraries
      and will impact security going forward if mitigations for attacks cannot
      be easily addressed and supported in older libraries.<a href="#section-5-3" class="pilcrow">¶</a></p>
<p id="section-5-4">Historically, TLS specifications were not clear on what the record
      layer version number (TLSPlaintext.version) could contain when sending
      a ClientHello message. <span><a href="https://www.rfc-editor.org/rfc/rfc5246#appendix-E" class="relref">Appendix E</a> of [<a href="#RFC5246" class="xref">RFC5246</a>]</span> notes that TLSPlaintext.version
      could be selected to maximize interoperability, though no definitive
      value is identified as ideal. That guidance is still applicable;
      therefore, TLS servers <span class="bcp14">MUST</span> accept any value {03,XX} (including {03,00})
      as the record layer version number for ClientHello, but they <span class="bcp14">MUST NOT</span>
      negotiate TLS 1.1.<a href="#section-5-4" class="pilcrow">¶</a></p>
</section>
<section id="section-6">
      <h2 id="name-updates-to-rfc-7525">
<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-updates-to-rfc-7525" class="section-name selfRef">Updates to RFC 7525</a>
      </h2>
<p id="section-6-1"><span><a href="#RFC7525" class="xref">"Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"</a> [<a href="#RFC7525" class="xref">RFC7525</a>]</span>  is BCP 195, which is the
      most recent Best Current Practice for implementing TLS and was based on
      TLS 1.2. At the time of publication, TLS 1.0 and TLS 1.1 had not yet
      been deprecated. As such, BCP 195 is called out specifically to
      update text implementing the deprecation recommendations of this
      document.<a href="#section-6-1" class="pilcrow">¶</a></p>
<p id="section-6-2">This document updates <span><a href="https://www.rfc-editor.org/rfc/rfc7525#section-3.1.1" class="relref">Section 3.1.1</a> of [<a href="#RFC7525" class="xref">RFC7525</a>]</span> by
      changing <span class="bcp14">SHOULD NOT</span> to <span class="bcp14">MUST NOT</span> as follows:<a href="#section-6-2" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-6-3.1">
          <p id="section-6-3.1.1">Implementations <span class="bcp14">MUST NOT</span> negotiate TLS version 1.0 <span>[<a href="#RFC2246" class="xref">RFC2246</a>]</span>.<a href="#section-6-3.1.1" class="pilcrow">¶</a></p>
<p id="section-6-3.1.2"> Rationale: TLS 1.0
          (published in 1999) does not support many modern, strong cipher
          suites. In addition, TLS 1.0 lacks a per-record Initialization
          Vector (IV) for CBC-based cipher suites and does not warn against
          common padding errors.<a href="#section-6-3.1.2" class="pilcrow">¶</a></p>
</li>
        <li class="normal" id="section-6-3.2">
          <p id="section-6-3.2.1">Implementations <span class="bcp14">MUST NOT</span> negotiate TLS version 1.1 <span>[<a href="#RFC4346" class="xref">RFC4346</a>]</span>.<a href="#section-6-3.2.1" class="pilcrow">¶</a></p>
<p id="section-6-3.2.2"> Rationale: TLS 1.1
          (published in 2006) is a security improvement over TLS 1.0 but still
          does not support certain stronger cipher suites.<a href="#section-6-3.2.2" class="pilcrow">¶</a></p>
</li>
      </ul>
<p id="section-6-4">This document updates <span><a href="https://www.rfc-editor.org/rfc/rfc7525#section-3.1.2" class="relref">Section 3.1.2</a> of [<a href="#RFC7525" class="xref">RFC7525</a>]</span> by
      changing <span class="bcp14">SHOULD NOT</span> to <span class="bcp14">MUST NOT</span> and adding a reference to RFC 6347 as follows:<a href="#section-6-4" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-6-5.1">
          <p id="section-6-5.1.1">Implementations <span class="bcp14">MUST NOT</span> negotiate DTLS version 1.0 <span>[<a href="#RFC4347" class="xref">RFC4347</a>]</span> <span>[<a href="#RFC6347" class="xref">RFC6347</a>]</span>.<a href="#section-6-5.1.1" class="pilcrow">¶</a></p>
<p id="section-6-5.1.2"> Version 1.0 of DTLS correlates to version 1.1 of
          TLS (see above).<a href="#section-6-5.1.2" class="pilcrow">¶</a></p>
</li>
      </ul>
</section>
<section id="section-7">
      <h2 id="name-operational-considerations">
<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-operational-considerations" class="section-name selfRef">Operational Considerations</a>
      </h2>
<p id="section-7-1">
 
            This document is part of BCP 195 and, as such, reflects the
            understanding of the IETF (at the time of this document's publication) as to the
            best practices for TLS and DTLS usage.<a href="#section-7-1" class="pilcrow">¶</a></p>
<p id="section-7-2">
            Though TLS 1.1 has been obsolete since the publication of <span>[<a href="#RFC5246" class="xref">RFC5246</a>]</span>
            in 2008, and DTLS 1.0 has been obsolete since the publication of <span>[<a href="#RFC6347" class="xref">RFC6347</a>]</span> in 2012, there may remain some 
     systems in operation that do not
            support (D)TLS 1.2 or higher. Adopting the practices recommended by
            this document for any systems that need to communicate with the
            aforementioned class of systems will cause failure to interoperate.
            However, disregarding the recommendations of this document in order
            to continue to interoperate with the aforementioned class of systems
            incurs some amount of risk. The nature of the risks incurred by
            operating in contravention to the recommendations of this document
            are discussed in Sections <a href="#support" class="xref">2</a> and 
     <a href="#sha-1" class="xref">3</a>, and knowledge of those risks
            should be used along with any potential mitigating factors and the
            risks inherent to updating the systems in question when deciding how
            quickly to adopt the recommendations specified in this document.<a href="#section-7-2" class="pilcrow">¶</a></p>
</section>
<section id="section-8">
      <h2 id="name-security-considerations">
<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
      </h2>
<p id="section-8-1">This document deprecates two older TLS protocol versions and one older
      DTLS protocol version for security
      reasons already described. The attack surface is reduced when there are
      a smaller number of supported protocols and fallback options are
      removed.<a href="#section-8-1" class="pilcrow">¶</a></p>
</section>
<section id="section-9">
      <h2 id="name-iana-considerations">
<a href="#section-9" class="section-number selfRef">9. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
      </h2>
<p id="section-9-1">This document has no IANA actions.<a href="#section-9-1" class="pilcrow">¶</a></p>
</section>
<section id="section-10">
      <h2 id="name-references">
<a href="#section-10" class="section-number selfRef">10. </a><a href="#name-references" class="section-name selfRef">References</a>
      </h2>
<section id="section-10.1">
        <h3 id="name-normative-references">
<a href="#section-10.1" class="section-number selfRef">10.1. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
        </h3>
<dl class="references">
<dt id="RFC2119">[RFC2119]</dt>
        <dd>
<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03" class="refDate">March 1997</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc2119">https://www.rfc-editor.org/info/rfc2119</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC2246">[RFC2246]</dt>
        <dd>
<span class="refAuthor">Dierks, T.</span> and <span class="refAuthor">C. Allen</span>, <span class="refTitle">"The TLS Protocol Version 1.0"</span>, <span class="seriesInfo">RFC 2246</span>, <span class="seriesInfo">DOI 10.17487/RFC2246</span>, <time datetime="1999-01" class="refDate">January 1999</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc2246">https://www.rfc-editor.org/info/rfc2246</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3261">[RFC3261]</dt>
        <dd>
<span class="refAuthor">Rosenberg, J.</span>, <span class="refAuthor">Schulzrinne, H.</span>, <span class="refAuthor">Camarillo, G.</span>, <span class="refAuthor">Johnston, A.</span>, <span class="refAuthor">Peterson, J.</span>, <span class="refAuthor">Sparks, R.</span>, <span class="refAuthor">Handley, M.</span>, and <span class="refAuthor">E. Schooler</span>, <span class="refTitle">"SIP: Session Initiation Protocol"</span>, <span class="seriesInfo">RFC 3261</span>, <span class="seriesInfo">DOI 10.17487/RFC3261</span>, <time datetime="2002-06" class="refDate">June 2002</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3261">https://www.rfc-editor.org/info/rfc3261</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3329">[RFC3329]</dt>
        <dd>
<span class="refAuthor">Arkko, J.</span>, <span class="refAuthor">Torvinen, V.</span>, <span class="refAuthor">Camarillo, G.</span>, <span class="refAuthor">Niemi, A.</span>, and <span class="refAuthor">T. Haukka</span>, <span class="refTitle">"Security Mechanism Agreement for the Session Initiation Protocol (SIP)"</span>, <span class="seriesInfo">RFC 3329</span>, <span class="seriesInfo">DOI 10.17487/RFC3329</span>, <time datetime="2003-01" class="refDate">January 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3329">https://www.rfc-editor.org/info/rfc3329</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3436">[RFC3436]</dt>
        <dd>
<span class="refAuthor">Jungmaier, A.</span>, <span class="refAuthor">Rescorla, E.</span>, and <span class="refAuthor">M. Tuexen</span>, <span class="refTitle">"Transport Layer Security over Stream Control Transmission Protocol"</span>, <span class="seriesInfo">RFC 3436</span>, <span class="seriesInfo">DOI 10.17487/RFC3436</span>, <time datetime="2002-12" class="refDate">December 2002</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3436">https://www.rfc-editor.org/info/rfc3436</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3470">[RFC3470]</dt>
        <dd>
<span class="refAuthor">Hollenbeck, S.</span>, <span class="refAuthor">Rose, M.</span>, and <span class="refAuthor">L. Masinter</span>, <span class="refTitle">"Guidelines for the Use of Extensible Markup Language (XML) within IETF Protocols"</span>, <span class="seriesInfo">BCP 70</span>, <span class="seriesInfo">RFC 3470</span>, <span class="seriesInfo">DOI 10.17487/RFC3470</span>, <time datetime="2003-01" class="refDate">January 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3470">https://www.rfc-editor.org/info/rfc3470</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3501">[RFC3501]</dt>
        <dd>
<span class="refAuthor">Crispin, M.</span>, <span class="refTitle">"INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1"</span>, <span class="seriesInfo">RFC 3501</span>, <span class="seriesInfo">DOI 10.17487/RFC3501</span>, <time datetime="2003-03" class="refDate">March 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3501">https://www.rfc-editor.org/info/rfc3501</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3552">[RFC3552]</dt>
        <dd>
<span class="refAuthor">Rescorla, E.</span> and <span class="refAuthor">B. Korver</span>, <span class="refTitle">"Guidelines for Writing RFC Text on Security Considerations"</span>, <span class="seriesInfo">BCP 72</span>, <span class="seriesInfo">RFC 3552</span>, <span class="seriesInfo">DOI 10.17487/RFC3552</span>, <time datetime="2003-07" class="refDate">July 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3552">https://www.rfc-editor.org/info/rfc3552</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3568">[RFC3568]</dt>
        <dd>
<span class="refAuthor">Barbir, A.</span>, <span class="refAuthor">Cain, B.</span>, <span class="refAuthor">Nair, R.</span>, and <span class="refAuthor">O. Spatscheck</span>, <span class="refTitle">"Known Content Network (CN) Request-Routing Mechanisms"</span>, <span class="seriesInfo">RFC 3568</span>, <span class="seriesInfo">DOI 10.17487/RFC3568</span>, <time datetime="2003-07" class="refDate">July 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3568">https://www.rfc-editor.org/info/rfc3568</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3656">[RFC3656]</dt>
        <dd>
<span class="refAuthor">Siemborski, R.</span>, <span class="refTitle">"The Mailbox Update (MUPDATE) Distributed Mailbox Database Protocol"</span>, <span class="seriesInfo">RFC 3656</span>, <span class="seriesInfo">DOI 10.17487/RFC3656</span>, <time datetime="2003-12" class="refDate">December 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3656">https://www.rfc-editor.org/info/rfc3656</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3749">[RFC3749]</dt>
        <dd>
<span class="refAuthor">Hollenbeck, S.</span>, <span class="refTitle">"Transport Layer Security Protocol Compression Methods"</span>, <span class="seriesInfo">RFC 3749</span>, <span class="seriesInfo">DOI 10.17487/RFC3749</span>, <time datetime="2004-05" class="refDate">May 2004</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3749">https://www.rfc-editor.org/info/rfc3749</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3767">[RFC3767]</dt>
        <dd>
<span class="refAuthor">Farrell, S., Ed.</span>, <span class="refTitle">"Securely Available Credentials Protocol"</span>, <span class="seriesInfo">RFC 3767</span>, <span class="seriesInfo">DOI 10.17487/RFC3767</span>, <time datetime="2004-06" class="refDate">June 2004</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3767">https://www.rfc-editor.org/info/rfc3767</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3856">[RFC3856]</dt>
        <dd>
<span class="refAuthor">Rosenberg, J.</span>, <span class="refTitle">"A Presence Event Package for the Session Initiation Protocol (SIP)"</span>, <span class="seriesInfo">RFC 3856</span>, <span class="seriesInfo">DOI 10.17487/RFC3856</span>, <time datetime="2004-08" class="refDate">August 2004</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3856">https://www.rfc-editor.org/info/rfc3856</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3871">[RFC3871]</dt>
        <dd>
<span class="refAuthor">Jones, G., Ed.</span>, <span class="refTitle">"Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure"</span>, <span class="seriesInfo">RFC 3871</span>, <span class="seriesInfo">DOI 10.17487/RFC3871</span>, <time datetime="2004-09" class="refDate">September 2004</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3871">https://www.rfc-editor.org/info/rfc3871</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3887">[RFC3887]</dt>
        <dd>
<span class="refAuthor">Hansen, T.</span>, <span class="refTitle">"Message Tracking Query Protocol"</span>, <span class="seriesInfo">RFC 3887</span>, <span class="seriesInfo">DOI 10.17487/RFC3887</span>, <time datetime="2004-09" class="refDate">September 2004</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3887">https://www.rfc-editor.org/info/rfc3887</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3903">[RFC3903]</dt>
        <dd>
<span class="refAuthor">Niemi, A., Ed.</span>, <span class="refTitle">"Session Initiation Protocol (SIP) Extension for Event State Publication"</span>, <span class="seriesInfo">RFC 3903</span>, <span class="seriesInfo">DOI 10.17487/RFC3903</span>, <time datetime="2004-10" class="refDate">October 2004</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3903">https://www.rfc-editor.org/info/rfc3903</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3943">[RFC3943]</dt>
        <dd>
<span class="refAuthor">Friend, R.</span>, <span class="refTitle">"Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS)"</span>, <span class="seriesInfo">RFC 3943</span>, <span class="seriesInfo">DOI 10.17487/RFC3943</span>, <time datetime="2004-11" class="refDate">November 2004</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3943">https://www.rfc-editor.org/info/rfc3943</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3983">[RFC3983]</dt>
        <dd>
<span class="refAuthor">Newton, A.</span> and <span class="refAuthor">M. Sanz</span>, <span class="refTitle">"Using the Internet Registry Information Service (IRIS) over the Blocks Extensible Exchange Protocol (BEEP)"</span>, <span class="seriesInfo">RFC 3983</span>, <span class="seriesInfo">DOI 10.17487/RFC3983</span>, <time datetime="2005-01" class="refDate">January 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3983">https://www.rfc-editor.org/info/rfc3983</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4097">[RFC4097]</dt>
        <dd>
<span class="refAuthor">Barnes, M., Ed.</span>, <span class="refTitle">"Middlebox Communications (MIDCOM) Protocol Evaluation"</span>, <span class="seriesInfo">RFC 4097</span>, <span class="seriesInfo">DOI 10.17487/RFC4097</span>, <time datetime="2005-06" class="refDate">June 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4097">https://www.rfc-editor.org/info/rfc4097</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4111">[RFC4111]</dt>
        <dd>
<span class="refAuthor">Fang, L., Ed.</span>, <span class="refTitle">"Security Framework for Provider-Provisioned Virtual Private Networks (PPVPNs)"</span>, <span class="seriesInfo">RFC 4111</span>, <span class="seriesInfo">DOI 10.17487/RFC4111</span>, <time datetime="2005-07" class="refDate">July 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4111">https://www.rfc-editor.org/info/rfc4111</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4162">[RFC4162]</dt>
        <dd>
<span class="refAuthor">Lee, H.J.</span>, <span class="refAuthor">Yoon, J.H.</span>, and <span class="refAuthor">J.I. Lee</span>, <span class="refTitle">"Addition of SEED Cipher Suites to Transport Layer Security (TLS)"</span>, <span class="seriesInfo">RFC 4162</span>, <span class="seriesInfo">DOI 10.17487/RFC4162</span>, <time datetime="2005-08" class="refDate">August 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4162">https://www.rfc-editor.org/info/rfc4162</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4168">[RFC4168]</dt>
        <dd>
<span class="refAuthor">Rosenberg, J.</span>, <span class="refAuthor">Schulzrinne, H.</span>, and <span class="refAuthor">G. Camarillo</span>, <span class="refTitle">"The Stream Control Transmission Protocol (SCTP) as a Transport for the Session Initiation Protocol (SIP)"</span>, <span class="seriesInfo">RFC 4168</span>, <span class="seriesInfo">DOI 10.17487/RFC4168</span>, <time datetime="2005-10" class="refDate">October 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4168">https://www.rfc-editor.org/info/rfc4168</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4217">[RFC4217]</dt>
        <dd>
<span class="refAuthor">Ford-Hutchinson, P.</span>, <span class="refTitle">"Securing FTP with TLS"</span>, <span class="seriesInfo">RFC 4217</span>, <span class="seriesInfo">DOI 10.17487/RFC4217</span>, <time datetime="2005-10" class="refDate">October 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4217">https://www.rfc-editor.org/info/rfc4217</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4235">[RFC4235]</dt>
        <dd>
<span class="refAuthor">Rosenberg, J.</span>, <span class="refAuthor">Schulzrinne, H.</span>, and <span class="refAuthor">R. Mahy, Ed.</span>, <span class="refTitle">"An INVITE-Initiated Dialog Event Package for the Session Initiation Protocol (SIP)"</span>, <span class="seriesInfo">RFC 4235</span>, <span class="seriesInfo">DOI 10.17487/RFC4235</span>, <time datetime="2005-11" class="refDate">November 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4235">https://www.rfc-editor.org/info/rfc4235</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4261">[RFC4261]</dt>
        <dd>
<span class="refAuthor">Walker, J.</span> and <span class="refAuthor">A. Kulkarni, Ed.</span>, <span class="refTitle">"Common Open Policy Service (COPS) Over Transport Layer Security (TLS)"</span>, <span class="seriesInfo">RFC 4261</span>, <span class="seriesInfo">DOI 10.17487/RFC4261</span>, <time datetime="2005-12" class="refDate">December 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4261">https://www.rfc-editor.org/info/rfc4261</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4279">[RFC4279]</dt>
        <dd>
<span class="refAuthor">Eronen, P., Ed.</span> and <span class="refAuthor">H. Tschofenig, Ed.</span>, <span class="refTitle">"Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)"</span>, <span class="seriesInfo">RFC 4279</span>, <span class="seriesInfo">DOI 10.17487/RFC4279</span>, <time datetime="2005-12" class="refDate">December 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4279">https://www.rfc-editor.org/info/rfc4279</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4346">[RFC4346]</dt>
        <dd>
<span class="refAuthor">Dierks, T.</span> and <span class="refAuthor">E. Rescorla</span>, <span class="refTitle">"The Transport Layer Security (TLS) Protocol Version 1.1"</span>, <span class="seriesInfo">RFC 4346</span>, <span class="seriesInfo">DOI 10.17487/RFC4346</span>, <time datetime="2006-04" class="refDate">April 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4346">https://www.rfc-editor.org/info/rfc4346</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4497">[RFC4497]</dt>
        <dd>
<span class="refAuthor">Elwell, J.</span>, <span class="refAuthor">Derks, F.</span>, <span class="refAuthor">Mourot, P.</span>, and <span class="refAuthor">O. Rousseau</span>, <span class="refTitle">"Interworking between the Session Initiation Protocol (SIP) and QSIG"</span>, <span class="seriesInfo">BCP 117</span>, <span class="seriesInfo">RFC 4497</span>, <span class="seriesInfo">DOI 10.17487/RFC4497</span>, <time datetime="2006-05" class="refDate">May 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4497">https://www.rfc-editor.org/info/rfc4497</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4513">[RFC4513]</dt>
        <dd>
<span class="refAuthor">Harrison, R., Ed.</span>, <span class="refTitle">"Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms"</span>, <span class="seriesInfo">RFC 4513</span>, <span class="seriesInfo">DOI 10.17487/RFC4513</span>, <time datetime="2006-06" class="refDate">June 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4513">https://www.rfc-editor.org/info/rfc4513</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4531">[RFC4531]</dt>
        <dd>
<span class="refAuthor">Zeilenga, K.</span>, <span class="refTitle">"Lightweight Directory Access Protocol (LDAP) Turn Operation"</span>, <span class="seriesInfo">RFC 4531</span>, <span class="seriesInfo">DOI 10.17487/RFC4531</span>, <time datetime="2006-06" class="refDate">June 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4531">https://www.rfc-editor.org/info/rfc4531</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4540">[RFC4540]</dt>
        <dd>
<span class="refAuthor">Stiemerling, M.</span>, <span class="refAuthor">Quittek, J.</span>, and <span class="refAuthor">C. Cadar</span>, <span class="refTitle">"NEC's Simple Middlebox Configuration (SIMCO) Protocol Version 3.0"</span>, <span class="seriesInfo">RFC 4540</span>, <span class="seriesInfo">DOI 10.17487/RFC4540</span>, <time datetime="2006-05" class="refDate">May 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4540">https://www.rfc-editor.org/info/rfc4540</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4582">[RFC4582]</dt>
        <dd>
<span class="refAuthor">Camarillo, G.</span>, <span class="refAuthor">Ott, J.</span>, and <span class="refAuthor">K. Drage</span>, <span class="refTitle">"The Binary Floor Control Protocol (BFCP)"</span>, <span class="seriesInfo">RFC 4582</span>, <span class="seriesInfo">DOI 10.17487/RFC4582</span>, <time datetime="2006-11" class="refDate">November 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4582">https://www.rfc-editor.org/info/rfc4582</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4616">[RFC4616]</dt>
        <dd>
<span class="refAuthor">Zeilenga, K., Ed.</span>, <span class="refTitle">"The PLAIN Simple Authentication and Security Layer (SASL) Mechanism"</span>, <span class="seriesInfo">RFC 4616</span>, <span class="seriesInfo">DOI 10.17487/RFC4616</span>, <time datetime="2006-08" class="refDate">August 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4616">https://www.rfc-editor.org/info/rfc4616</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4642">[RFC4642]</dt>
        <dd>
<span class="refAuthor">Murchison, K.</span>, <span class="refAuthor">Vinocur, J.</span>, and <span class="refAuthor">C. Newman</span>, <span class="refTitle">"Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)"</span>, <span class="seriesInfo">RFC 4642</span>, <span class="seriesInfo">DOI 10.17487/RFC4642</span>, <time datetime="2006-10" class="refDate">October 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4642">https://www.rfc-editor.org/info/rfc4642</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4680">[RFC4680]</dt>
        <dd>
<span class="refAuthor">Santesson, S.</span>, <span class="refTitle">"TLS Handshake Message for Supplemental Data"</span>, <span class="seriesInfo">RFC 4680</span>, <span class="seriesInfo">DOI 10.17487/RFC4680</span>, <time datetime="2006-10" class="refDate">October 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4680">https://www.rfc-editor.org/info/rfc4680</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4681">[RFC4681]</dt>
        <dd>
<span class="refAuthor">Santesson, S.</span>, <span class="refAuthor">Medvinsky, A.</span>, and <span class="refAuthor">J. Ball</span>, <span class="refTitle">"TLS User Mapping Extension"</span>, <span class="seriesInfo">RFC 4681</span>, <span class="seriesInfo">DOI 10.17487/RFC4681</span>, <time datetime="2006-10" class="refDate">October 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4681">https://www.rfc-editor.org/info/rfc4681</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4712">[RFC4712]</dt>
        <dd>
<span class="refAuthor">Siddiqui, A.</span>, <span class="refAuthor">Romascanu, D.</span>, <span class="refAuthor">Golovinsky, E.</span>, <span class="refAuthor">Rahman, M.</span>, and <span class="refAuthor">Y. Kim</span>, <span class="refTitle">"Transport Mappings for Real-time Application Quality-of-Service Monitoring (RAQMON) Protocol Data Unit (PDU)"</span>, <span class="seriesInfo">RFC 4712</span>, <span class="seriesInfo">DOI 10.17487/RFC4712</span>, <time datetime="2006-10" class="refDate">October 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4712">https://www.rfc-editor.org/info/rfc4712</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4732">[RFC4732]</dt>
        <dd>
<span class="refAuthor">Handley, M., Ed.</span>, <span class="refAuthor">Rescorla, E., Ed.</span>, and <span class="refAuthor">IAB</span>, <span class="refTitle">"Internet Denial-of-Service Considerations"</span>, <span class="seriesInfo">RFC 4732</span>, <span class="seriesInfo">DOI 10.17487/RFC4732</span>, <time datetime="2006-12" class="refDate">December 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4732">https://www.rfc-editor.org/info/rfc4732</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4743">[RFC4743]</dt>
        <dd>
<span class="refAuthor">Goddard, T.</span>, <span class="refTitle">"Using NETCONF over the Simple Object Access Protocol (SOAP)"</span>, <span class="seriesInfo">RFC 4743</span>, <span class="seriesInfo">DOI 10.17487/RFC4743</span>, <time datetime="2006-12" class="refDate">December 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4743">https://www.rfc-editor.org/info/rfc4743</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4744">[RFC4744]</dt>
        <dd>
<span class="refAuthor">Lear, E.</span> and <span class="refAuthor">K. Crozier</span>, <span class="refTitle">"Using the NETCONF Protocol over the Blocks Extensible Exchange Protocol (BEEP)"</span>, <span class="seriesInfo">RFC 4744</span>, <span class="seriesInfo">DOI 10.17487/RFC4744</span>, <time datetime="2006-12" class="refDate">December 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4744">https://www.rfc-editor.org/info/rfc4744</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4785">[RFC4785]</dt>
        <dd>
<span class="refAuthor">Blumenthal, U.</span> and <span class="refAuthor">P. Goel</span>, <span class="refTitle">"Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)"</span>, <span class="seriesInfo">RFC 4785</span>, <span class="seriesInfo">DOI 10.17487/RFC4785</span>, <time datetime="2007-01" class="refDate">January 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4785">https://www.rfc-editor.org/info/rfc4785</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4791">[RFC4791]</dt>
        <dd>
<span class="refAuthor">Daboo, C.</span>, <span class="refAuthor">Desruisseaux, B.</span>, and <span class="refAuthor">L. Dusseault</span>, <span class="refTitle">"Calendaring Extensions to WebDAV (CalDAV)"</span>, <span class="seriesInfo">RFC 4791</span>, <span class="seriesInfo">DOI 10.17487/RFC4791</span>, <time datetime="2007-03" class="refDate">March 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4791">https://www.rfc-editor.org/info/rfc4791</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4823">[RFC4823]</dt>
        <dd>
<span class="refAuthor">Harding, T.</span> and <span class="refAuthor">R. Scott</span>, <span class="refTitle">"FTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internet"</span>, <span class="seriesInfo">RFC 4823</span>, <span class="seriesInfo">DOI 10.17487/RFC4823</span>, <time datetime="2007-04" class="refDate">April 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4823">https://www.rfc-editor.org/info/rfc4823</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4851">[RFC4851]</dt>
        <dd>
<span class="refAuthor">Cam-Winget, N.</span>, <span class="refAuthor">McGrew, D.</span>, <span class="refAuthor">Salowey, J.</span>, and <span class="refAuthor">H. Zhou</span>, <span class="refTitle">"The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST)"</span>, <span class="seriesInfo">RFC 4851</span>, <span class="seriesInfo">DOI 10.17487/RFC4851</span>, <time datetime="2007-05" class="refDate">May 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4851">https://www.rfc-editor.org/info/rfc4851</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4964">[RFC4964]</dt>
        <dd>
<span class="refAuthor">Allen, A., Ed.</span>, <span class="refAuthor">Holm, J.</span>, and <span class="refAuthor">T. Hallin</span>, <span class="refTitle">"The P-Answer-State Header Extension to the Session Initiation Protocol for the Open Mobile Alliance Push to Talk over Cellular"</span>, <span class="seriesInfo">RFC 4964</span>, <span class="seriesInfo">DOI 10.17487/RFC4964</span>, <time datetime="2007-09" class="refDate">September 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4964">https://www.rfc-editor.org/info/rfc4964</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4975">[RFC4975]</dt>
        <dd>
<span class="refAuthor">Campbell, B., Ed.</span>, <span class="refAuthor">Mahy, R., Ed.</span>, and <span class="refAuthor">C. Jennings, Ed.</span>, <span class="refTitle">"The Message Session Relay Protocol (MSRP)"</span>, <span class="seriesInfo">RFC 4975</span>, <span class="seriesInfo">DOI 10.17487/RFC4975</span>, <time datetime="2007-09" class="refDate">September 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4975">https://www.rfc-editor.org/info/rfc4975</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4976">[RFC4976]</dt>
        <dd>
<span class="refAuthor">Jennings, C.</span>, <span class="refAuthor">Mahy, R.</span>, and <span class="refAuthor">A. B. Roach</span>, <span class="refTitle">"Relay Extensions for the Message Sessions Relay Protocol (MSRP)"</span>, <span class="seriesInfo">RFC 4976</span>, <span class="seriesInfo">DOI 10.17487/RFC4976</span>, <time datetime="2007-09" class="refDate">September 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4976">https://www.rfc-editor.org/info/rfc4976</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4992">[RFC4992]</dt>
        <dd>
<span class="refAuthor">Newton, A.</span>, <span class="refTitle">"XML Pipelining with Chunks for the Internet Registry Information Service"</span>, <span class="seriesInfo">RFC 4992</span>, <span class="seriesInfo">DOI 10.17487/RFC4992</span>, <time datetime="2007-08" class="refDate">August 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4992">https://www.rfc-editor.org/info/rfc4992</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5018">[RFC5018]</dt>
        <dd>
<span class="refAuthor">Camarillo, G.</span>, <span class="refTitle">"Connection Establishment in the Binary Floor Control Protocol (BFCP)"</span>, <span class="seriesInfo">RFC 5018</span>, <span class="seriesInfo">DOI 10.17487/RFC5018</span>, <time datetime="2007-09" class="refDate">September 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5018">https://www.rfc-editor.org/info/rfc5018</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5019">[RFC5019]</dt>
        <dd>
<span class="refAuthor">Deacon, A.</span> and <span class="refAuthor">R. Hurst</span>, <span class="refTitle">"The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments"</span>, <span class="seriesInfo">RFC 5019</span>, <span class="seriesInfo">DOI 10.17487/RFC5019</span>, <time datetime="2007-09" class="refDate">September 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5019">https://www.rfc-editor.org/info/rfc5019</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5023">[RFC5023]</dt>
        <dd>
<span class="refAuthor">Gregorio, J., Ed.</span> and <span class="refAuthor">B. de hOra, Ed.</span>, <span class="refTitle">"The Atom Publishing Protocol"</span>, <span class="seriesInfo">RFC 5023</span>, <span class="seriesInfo">DOI 10.17487/RFC5023</span>, <time datetime="2007-10" class="refDate">October 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5023">https://www.rfc-editor.org/info/rfc5023</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5024">[RFC5024]</dt>
        <dd>
<span class="refAuthor">Friend, I.</span>, <span class="refTitle">"ODETTE File Transfer Protocol 2.0"</span>, <span class="seriesInfo">RFC 5024</span>, <span class="seriesInfo">DOI 10.17487/RFC5024</span>, <time datetime="2007-11" class="refDate">November 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5024">https://www.rfc-editor.org/info/rfc5024</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5049">[RFC5049]</dt>
        <dd>
<span class="refAuthor">Bormann, C.</span>, <span class="refAuthor">Liu, Z.</span>, <span class="refAuthor">Price, R.</span>, and <span class="refAuthor">G. Camarillo, Ed.</span>, <span class="refTitle">"Applying Signaling Compression (SigComp) to the Session Initiation Protocol (SIP)"</span>, <span class="seriesInfo">RFC 5049</span>, <span class="seriesInfo">DOI 10.17487/RFC5049</span>, <time datetime="2007-12" class="refDate">December 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5049">https://www.rfc-editor.org/info/rfc5049</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5054">[RFC5054]</dt>
        <dd>
<span class="refAuthor">Taylor, D.</span>, <span class="refAuthor">Wu, T.</span>, <span class="refAuthor">Mavrogiannopoulos, N.</span>, and <span class="refAuthor">T. Perrin</span>, <span class="refTitle">"Using the Secure Remote Password (SRP) Protocol for TLS Authentication"</span>, <span class="seriesInfo">RFC 5054</span>, <span class="seriesInfo">DOI 10.17487/RFC5054</span>, <time datetime="2007-11" class="refDate">November 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5054">https://www.rfc-editor.org/info/rfc5054</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5091">[RFC5091]</dt>
        <dd>
<span class="refAuthor">Boyen, X.</span> and <span class="refAuthor">L. Martin</span>, <span class="refTitle">"Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems"</span>, <span class="seriesInfo">RFC 5091</span>, <span class="seriesInfo">DOI 10.17487/RFC5091</span>, <time datetime="2007-12" class="refDate">December 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5091">https://www.rfc-editor.org/info/rfc5091</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5158">[RFC5158]</dt>
        <dd>
<span class="refAuthor">Huston, G.</span>, <span class="refTitle">"6to4 Reverse DNS Delegation Specification"</span>, <span class="seriesInfo">RFC 5158</span>, <span class="seriesInfo">DOI 10.17487/RFC5158</span>, <time datetime="2008-03" class="refDate">March 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5158">https://www.rfc-editor.org/info/rfc5158</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5216">[RFC5216]</dt>
        <dd>
<span class="refAuthor">Simon, D.</span>, <span class="refAuthor">Aboba, B.</span>, and <span class="refAuthor">R. Hurst</span>, <span class="refTitle">"The EAP-TLS Authentication Protocol"</span>, <span class="seriesInfo">RFC 5216</span>, <span class="seriesInfo">DOI 10.17487/RFC5216</span>, <time datetime="2008-03" class="refDate">March 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5216">https://www.rfc-editor.org/info/rfc5216</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5238">[RFC5238]</dt>
        <dd>
<span class="refAuthor">Phelan, T.</span>, <span class="refTitle">"Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)"</span>, <span class="seriesInfo">RFC 5238</span>, <span class="seriesInfo">DOI 10.17487/RFC5238</span>, <time datetime="2008-05" class="refDate">May 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5238">https://www.rfc-editor.org/info/rfc5238</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5263">[RFC5263]</dt>
        <dd>
<span class="refAuthor">Lonnfors, M.</span>, <span class="refAuthor">Costa-Requena, J.</span>, <span class="refAuthor">Leppanen, E.</span>, and <span class="refAuthor">H. Khartabil</span>, <span class="refTitle">"Session Initiation Protocol (SIP) Extension for Partial Notification of Presence Information"</span>, <span class="seriesInfo">RFC 5263</span>, <span class="seriesInfo">DOI 10.17487/RFC5263</span>, <time datetime="2008-09" class="refDate">September 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5263">https://www.rfc-editor.org/info/rfc5263</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5281">[RFC5281]</dt>
        <dd>
<span class="refAuthor">Funk, P.</span> and <span class="refAuthor">S. Blake-Wilson</span>, <span class="refTitle">"Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0)"</span>, <span class="seriesInfo">RFC 5281</span>, <span class="seriesInfo">DOI 10.17487/RFC5281</span>, <time datetime="2008-08" class="refDate">August 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5281">https://www.rfc-editor.org/info/rfc5281</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5364">[RFC5364]</dt>
        <dd>
<span class="refAuthor">Garcia-Martin, M.</span> and <span class="refAuthor">G. Camarillo</span>, <span class="refTitle">"Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in Resource Lists"</span>, <span class="seriesInfo">RFC 5364</span>, <span class="seriesInfo">DOI 10.17487/RFC5364</span>, <time datetime="2008-10" class="refDate">October 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5364">https://www.rfc-editor.org/info/rfc5364</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5422">[RFC5422]</dt>
        <dd>
<span class="refAuthor">Cam-Winget, N.</span>, <span class="refAuthor">McGrew, D.</span>, <span class="refAuthor">Salowey, J.</span>, and <span class="refAuthor">H. Zhou</span>, <span class="refTitle">"Dynamic Provisioning Using Flexible Authentication via Secure Tunneling Extensible Authentication Protocol (EAP-FAST)"</span>, <span class="seriesInfo">RFC 5422</span>, <span class="seriesInfo">DOI 10.17487/RFC5422</span>, <time datetime="2009-03" class="refDate">March 2009</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5422">https://www.rfc-editor.org/info/rfc5422</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5469">[RFC5469]</dt>
        <dd>
<span class="refAuthor">Eronen, P., Ed.</span>, <span class="refTitle">"DES and IDEA Cipher Suites for Transport Layer Security (TLS)"</span>, <span class="seriesInfo">RFC 5469</span>, <span class="seriesInfo">DOI 10.17487/RFC5469</span>, <time datetime="2009-02" class="refDate">February 2009</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5469">https://www.rfc-editor.org/info/rfc5469</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5734">[RFC5734]</dt>
        <dd>
<span class="refAuthor">Hollenbeck, S.</span>, <span class="refTitle">"Extensible Provisioning Protocol (EPP) Transport over TCP"</span>, <span class="seriesInfo">STD 69</span>, <span class="seriesInfo">RFC 5734</span>, <span class="seriesInfo">DOI 10.17487/RFC5734</span>, <time datetime="2009-08" class="refDate">August 2009</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5734">https://www.rfc-editor.org/info/rfc5734</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5878">[RFC5878]</dt>
        <dd>
<span class="refAuthor">Brown, M.</span> and <span class="refAuthor">R. Housley</span>, <span class="refTitle">"Transport Layer Security (TLS) Authorization Extensions"</span>, <span class="seriesInfo">RFC 5878</span>, <span class="seriesInfo">DOI 10.17487/RFC5878</span>, <time datetime="2010-05" class="refDate">May 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5878">https://www.rfc-editor.org/info/rfc5878</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5953">[RFC5953]</dt>
        <dd>
<span class="refAuthor">Hardaker, W.</span>, <span class="refTitle">"Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)"</span>, <span class="seriesInfo">RFC 5953</span>, <span class="seriesInfo">DOI 10.17487/RFC5953</span>, <time datetime="2010-08" class="refDate">August 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5953">https://www.rfc-editor.org/info/rfc5953</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6042">[RFC6042]</dt>
        <dd>
<span class="refAuthor">Keromytis, A.</span>, <span class="refTitle">"Transport Layer Security (TLS) Authorization Using KeyNote"</span>, <span class="seriesInfo">RFC 6042</span>, <span class="seriesInfo">DOI 10.17487/RFC6042</span>, <time datetime="2010-10" class="refDate">October 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6042">https://www.rfc-editor.org/info/rfc6042</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6176">[RFC6176]</dt>
        <dd>
<span class="refAuthor">Turner, S.</span> and <span class="refAuthor">T. Polk</span>, <span class="refTitle">"Prohibiting Secure Sockets Layer (SSL) Version 2.0"</span>, <span class="seriesInfo">RFC 6176</span>, <span class="seriesInfo">DOI 10.17487/RFC6176</span>, <time datetime="2011-03" class="refDate">March 2011</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6176">https://www.rfc-editor.org/info/rfc6176</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6353">[RFC6353]</dt>
        <dd>
<span class="refAuthor">Hardaker, W.</span>, <span class="refTitle">"Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)"</span>, <span class="seriesInfo">STD 78</span>, <span class="seriesInfo">RFC 6353</span>, <span class="seriesInfo">DOI 10.17487/RFC6353</span>, <time datetime="2011-07" class="refDate">July 2011</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6353">https://www.rfc-editor.org/info/rfc6353</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6367">[RFC6367]</dt>
        <dd>
<span class="refAuthor">Kanno, S.</span> and <span class="refAuthor">M. Kanda</span>, <span class="refTitle">"Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)"</span>, <span class="seriesInfo">RFC 6367</span>, <span class="seriesInfo">DOI 10.17487/RFC6367</span>, <time datetime="2011-09" class="refDate">September 2011</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6367">https://www.rfc-editor.org/info/rfc6367</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6739">[RFC6739]</dt>
        <dd>
<span class="refAuthor">Schulzrinne, H.</span> and <span class="refAuthor">H. Tschofenig</span>, <span class="refTitle">"Synchronizing Service Boundaries and &lt;mapping&gt; Elements Based on the Location-to-Service Translation (LoST) Protocol"</span>, <span class="seriesInfo">RFC 6739</span>, <span class="seriesInfo">DOI 10.17487/RFC6739</span>, <time datetime="2012-10" class="refDate">October 2012</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6739">https://www.rfc-editor.org/info/rfc6739</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6749">[RFC6749]</dt>
        <dd>
<span class="refAuthor">Hardt, D., Ed.</span>, <span class="refTitle">"The OAuth 2.0 Authorization Framework"</span>, <span class="seriesInfo">RFC 6749</span>, <span class="seriesInfo">DOI 10.17487/RFC6749</span>, <time datetime="2012-10" class="refDate">October 2012</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6749">https://www.rfc-editor.org/info/rfc6749</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6750">[RFC6750]</dt>
        <dd>
<span class="refAuthor">Jones, M.</span> and <span class="refAuthor">D. Hardt</span>, <span class="refTitle">"The OAuth 2.0 Authorization Framework: Bearer Token Usage"</span>, <span class="seriesInfo">RFC 6750</span>, <span class="seriesInfo">DOI 10.17487/RFC6750</span>, <time datetime="2012-10" class="refDate">October 2012</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6750">https://www.rfc-editor.org/info/rfc6750</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7030">[RFC7030]</dt>
        <dd>
<span class="refAuthor">Pritikin, M., Ed.</span>, <span class="refAuthor">Yee, P., Ed.</span>, and <span class="refAuthor">D. Harkins, Ed.</span>, <span class="refTitle">"Enrollment over Secure Transport"</span>, <span class="seriesInfo">RFC 7030</span>, <span class="seriesInfo">DOI 10.17487/RFC7030</span>, <time datetime="2013-10" class="refDate">October 2013</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc7030">https://www.rfc-editor.org/info/rfc7030</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7465">[RFC7465]</dt>
        <dd>
<span class="refAuthor">Popov, A.</span>, <span class="refTitle">"Prohibiting RC4 Cipher Suites"</span>, <span class="seriesInfo">RFC 7465</span>, <span class="seriesInfo">DOI 10.17487/RFC7465</span>, <time datetime="2015-02" class="refDate">February 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc7465">https://www.rfc-editor.org/info/rfc7465</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7507">[RFC7507]</dt>
        <dd>
<span class="refAuthor">Moeller, B.</span> and <span class="refAuthor">A. Langley</span>, <span class="refTitle">"TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks"</span>, <span class="seriesInfo">RFC 7507</span>, <span class="seriesInfo">DOI 10.17487/RFC7507</span>, <time datetime="2015-04" class="refDate">April 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc7507">https://www.rfc-editor.org/info/rfc7507</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7525">[RFC7525]</dt>
        <dd>
<span class="refAuthor">Sheffer, Y.</span>, <span class="refAuthor">Holz, R.</span>, and <span class="refAuthor">P. Saint-Andre</span>, <span class="refTitle">"Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"</span>, <span class="seriesInfo">BCP 195</span>, <span class="seriesInfo">RFC 7525</span>, <span class="seriesInfo">DOI 10.17487/RFC7525</span>, <time datetime="2015-05" class="refDate">May 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc7525">https://www.rfc-editor.org/info/rfc7525</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7562">[RFC7562]</dt>
        <dd>
<span class="refAuthor">Thakore, D.</span>, <span class="refTitle">"Transport Layer Security (TLS) Authorization Using Digital Transmission Content Protection (DTCP) Certificates"</span>, <span class="seriesInfo">RFC 7562</span>, <span class="seriesInfo">DOI 10.17487/RFC7562</span>, <time datetime="2015-07" class="refDate">July 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc7562">https://www.rfc-editor.org/info/rfc7562</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7568">[RFC7568]</dt>
        <dd>
<span class="refAuthor">Barnes, R.</span>, <span class="refAuthor">Thomson, M.</span>, <span class="refAuthor">Pironti, A.</span>, and <span class="refAuthor">A. Langley</span>, <span class="refTitle">"Deprecating Secure Sockets Layer Version 3.0"</span>, <span class="seriesInfo">RFC 7568</span>, <span class="seriesInfo">DOI 10.17487/RFC7568</span>, <time datetime="2015-06" class="refDate">June 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc7568">https://www.rfc-editor.org/info/rfc7568</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8174">[RFC8174]</dt>
        <dd>
<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc8174">https://www.rfc-editor.org/info/rfc8174</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8422">[RFC8422]</dt>
      <dd>
<span class="refAuthor">Nir, Y.</span>, <span class="refAuthor">Josefsson, S.</span>, and <span class="refAuthor">M. Pegourie-Gonnard</span>, <span class="refTitle">"Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier"</span>, <span class="seriesInfo">RFC 8422</span>, <span class="seriesInfo">DOI 10.17487/RFC8422</span>, <time datetime="2018-08" class="refDate">August 2018</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc8422">https://www.rfc-editor.org/info/rfc8422</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
<section id="section-10.2">
        <h3 id="name-informative-references">
<a href="#section-10.2" class="section-number selfRef">10.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
        </h3>
<dl class="references">
<dt id="Bhargavan2016">[Bhargavan2016]</dt>
        <dd>
<span class="refAuthor">Bhargavan, K.</span> and <span class="refAuthor">G. Leuren</span>, <span class="refTitle">"Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH"</span>, <span class="seriesInfo">DOI 10.14722/ndss.2016.23418</span>, <time datetime="2016-02" class="refDate">February 2016</time>, <span>&lt;<a href="https://www.mitls.org/downloads/transcript-collisions.pdf">https://www.mitls.org/downloads/transcript-collisions.pdf</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="NIST800-52r2">[NIST800-52r2]</dt>
        <dd>
<span class="refAuthor">National Institute of Standards and Technology</span>, <span class="refTitle">"Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations NIST SP800-52r2"</span>, <span class="seriesInfo">DOI 10.6028/NIST.SP.800-52r2</span>, <time datetime="2019-08" class="refDate">August 2019</time>, <span>&lt;<a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf">https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3316">[RFC3316]</dt>
        <dd>
<span class="refAuthor">Arkko, J.</span>, <span class="refAuthor">Kuijpers, G.</span>, <span class="refAuthor">Soliman, H.</span>, <span class="refAuthor">Loughney, J.</span>, and <span class="refAuthor">J. Wiljakka</span>, <span class="refTitle">"Internet Protocol Version 6 (IPv6) for Some Second and Third Generation Cellular Hosts"</span>, <span class="seriesInfo">RFC 3316</span>, <span class="seriesInfo">DOI 10.17487/RFC3316</span>, <time datetime="2003-04" class="refDate">April 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3316">https://www.rfc-editor.org/info/rfc3316</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3489">[RFC3489]</dt>
        <dd>
<span class="refAuthor">Rosenberg, J.</span>, <span class="refAuthor">Weinberger, J.</span>, <span class="refAuthor">Huitema, C.</span>, and <span class="refAuthor">R. Mahy</span>, <span class="refTitle">"STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)"</span>, <span class="seriesInfo">RFC 3489</span>, <span class="seriesInfo">DOI 10.17487/RFC3489</span>, <time datetime="2003-03" class="refDate">March 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3489">https://www.rfc-editor.org/info/rfc3489</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3546">[RFC3546]</dt>
        <dd>
<span class="refAuthor">Blake-Wilson, S.</span>, <span class="refAuthor">Nystrom, M.</span>, <span class="refAuthor">Hopwood, D.</span>, <span class="refAuthor">Mikkelsen, J.</span>, and <span class="refAuthor">T. Wright</span>, <span class="refTitle">"Transport Layer Security (TLS) Extensions"</span>, <span class="seriesInfo">RFC 3546</span>, <span class="seriesInfo">DOI 10.17487/RFC3546</span>, <time datetime="2003-06" class="refDate">June 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3546">https://www.rfc-editor.org/info/rfc3546</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3588">[RFC3588]</dt>
        <dd>
<span class="refAuthor">Calhoun, P.</span>, <span class="refAuthor">Loughney, J.</span>, <span class="refAuthor">Guttman, E.</span>, <span class="refAuthor">Zorn, G.</span>, and <span class="refAuthor">J. Arkko</span>, <span class="refTitle">"Diameter Base Protocol"</span>, <span class="seriesInfo">RFC 3588</span>, <span class="seriesInfo">DOI 10.17487/RFC3588</span>, <time datetime="2003-09" class="refDate">September 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3588">https://www.rfc-editor.org/info/rfc3588</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3734">[RFC3734]</dt>
        <dd>
<span class="refAuthor">Hollenbeck, S.</span>, <span class="refTitle">"Extensible Provisioning Protocol (EPP) Transport Over TCP"</span>, <span class="seriesInfo">RFC 3734</span>, <span class="seriesInfo">DOI 10.17487/RFC3734</span>, <time datetime="2004-03" class="refDate">March 2004</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3734">https://www.rfc-editor.org/info/rfc3734</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3920">[RFC3920]</dt>
        <dd>
<span class="refAuthor">Saint-Andre, P., Ed.</span>, <span class="refTitle">"Extensible Messaging and Presence Protocol (XMPP): Core"</span>, <span class="seriesInfo">RFC 3920</span>, <span class="seriesInfo">DOI 10.17487/RFC3920</span>, <time datetime="2004-10" class="refDate">October 2004</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3920">https://www.rfc-editor.org/info/rfc3920</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4132">[RFC4132]</dt>
        <dd>
<span class="refAuthor">Moriai, S.</span>, <span class="refAuthor">Kato, A.</span>, and <span class="refAuthor">M. Kanda</span>, <span class="refTitle">"Addition of Camellia Cipher Suites to Transport Layer Security (TLS)"</span>, <span class="seriesInfo">RFC 4132</span>, <span class="seriesInfo">DOI 10.17487/RFC4132</span>, <time datetime="2005-07" class="refDate">July 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4132">https://www.rfc-editor.org/info/rfc4132</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4244">[RFC4244]</dt>
        <dd>
<span class="refAuthor">Barnes, M., Ed.</span>, <span class="refTitle">"An Extension to the Session Initiation Protocol (SIP) for Request History Information"</span>, <span class="seriesInfo">RFC 4244</span>, <span class="seriesInfo">DOI 10.17487/RFC4244</span>, <time datetime="2005-11" class="refDate">November 2005</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4244">https://www.rfc-editor.org/info/rfc4244</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4347">[RFC4347]</dt>
        <dd>
<span class="refAuthor">Rescorla, E.</span> and <span class="refAuthor">N. Modadugu</span>, <span class="refTitle">"Datagram Transport Layer Security"</span>, <span class="seriesInfo">RFC 4347</span>, <span class="seriesInfo">DOI 10.17487/RFC4347</span>, <time datetime="2006-04" class="refDate">April 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4347">https://www.rfc-editor.org/info/rfc4347</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4366">[RFC4366]</dt>
        <dd>
<span class="refAuthor">Blake-Wilson, S.</span>, <span class="refAuthor">Nystrom, M.</span>, <span class="refAuthor">Hopwood, D.</span>, <span class="refAuthor">Mikkelsen, J.</span>, and <span class="refAuthor">T. Wright</span>, <span class="refTitle">"Transport Layer Security (TLS) Extensions"</span>, <span class="seriesInfo">RFC 4366</span>, <span class="seriesInfo">DOI 10.17487/RFC4366</span>, <time datetime="2006-04" class="refDate">April 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4366">https://www.rfc-editor.org/info/rfc4366</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4492">[RFC4492]</dt>
        <dd>
<span class="refAuthor">Blake-Wilson, S.</span>, <span class="refAuthor">Bolyard, N.</span>, <span class="refAuthor">Gupta, V.</span>, <span class="refAuthor">Hawk, C.</span>, and <span class="refAuthor">B. Moeller</span>, <span class="refTitle">"Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)"</span>, <span class="seriesInfo">RFC 4492</span>, <span class="seriesInfo">DOI 10.17487/RFC4492</span>, <time datetime="2006-05" class="refDate">May 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4492">https://www.rfc-editor.org/info/rfc4492</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4507">[RFC4507]</dt>
        <dd>
<span class="refAuthor">Salowey, J.</span>, <span class="refAuthor">Zhou, H.</span>, <span class="refAuthor">Eronen, P.</span>, and <span class="refAuthor">H. Tschofenig</span>, <span class="refTitle">"Transport Layer Security (TLS) Session Resumption without Server-Side State"</span>, <span class="seriesInfo">RFC 4507</span>, <span class="seriesInfo">DOI 10.17487/RFC4507</span>, <time datetime="2006-05" class="refDate">May 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4507">https://www.rfc-editor.org/info/rfc4507</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4572">[RFC4572]</dt>
        <dd>
<span class="refAuthor">Lennox, J.</span>, <span class="refTitle">"Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)"</span>, <span class="seriesInfo">RFC 4572</span>, <span class="seriesInfo">DOI 10.17487/RFC4572</span>, <time datetime="2006-07" class="refDate">July 2006</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4572">https://www.rfc-editor.org/info/rfc4572</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC4934">[RFC4934]</dt>
        <dd>
<span class="refAuthor">Hollenbeck, S.</span>, <span class="refTitle">"Extensible Provisioning Protocol (EPP) Transport Over TCP"</span>, <span class="seriesInfo">RFC 4934</span>, <span class="seriesInfo">DOI 10.17487/RFC4934</span>, <time datetime="2007-05" class="refDate">May 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4934">https://www.rfc-editor.org/info/rfc4934</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5077">[RFC5077]</dt>
        <dd>
<span class="refAuthor">Salowey, J.</span>, <span class="refAuthor">Zhou, H.</span>, <span class="refAuthor">Eronen, P.</span>, and <span class="refAuthor">H. Tschofenig</span>, <span class="refTitle">"Transport Layer Security (TLS) Session Resumption without Server-Side State"</span>, <span class="seriesInfo">RFC 5077</span>, <span class="seriesInfo">DOI 10.17487/RFC5077</span>, <time datetime="2008-01" class="refDate">January 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5077">https://www.rfc-editor.org/info/rfc5077</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5081">[RFC5081]</dt>
        <dd>
<span class="refAuthor">Mavrogiannopoulos, N.</span>, <span class="refTitle">"Using OpenPGP Keys for Transport Layer Security (TLS) Authentication"</span>, <span class="seriesInfo">RFC 5081</span>, <span class="seriesInfo">DOI 10.17487/RFC5081</span>, <time datetime="2007-11" class="refDate">November 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5081">https://www.rfc-editor.org/info/rfc5081</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5101">[RFC5101]</dt>
        <dd>
<span class="refAuthor">Claise, B., Ed.</span>, <span class="refTitle">"Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information"</span>, <span class="seriesInfo">RFC 5101</span>, <span class="seriesInfo">DOI 10.17487/RFC5101</span>, <time datetime="2008-01" class="refDate">January 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5101">https://www.rfc-editor.org/info/rfc5101</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5246">[RFC5246]</dt>
        <dd>
<span class="refAuthor">Dierks, T.</span> and <span class="refAuthor">E. Rescorla</span>, <span class="refTitle">"The Transport Layer Security (TLS) Protocol Version 1.2"</span>, <span class="seriesInfo">RFC 5246</span>, <span class="seriesInfo">DOI 10.17487/RFC5246</span>, <time datetime="2008-08" class="refDate">August 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5246">https://www.rfc-editor.org/info/rfc5246</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5415">[RFC5415]</dt>
        <dd>
<span class="refAuthor">Calhoun, P., Ed.</span>, <span class="refAuthor">Montemurro, M., Ed.</span>, and <span class="refAuthor">D. Stanley, Ed.</span>, <span class="refTitle">"Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification"</span>, <span class="seriesInfo">RFC 5415</span>, <span class="seriesInfo">DOI 10.17487/RFC5415</span>, <time datetime="2009-03" class="refDate">March 2009</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5415">https://www.rfc-editor.org/info/rfc5415</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC5456">[RFC5456]</dt>
        <dd>
<span class="refAuthor">Spencer, M.</span>, <span class="refAuthor">Capouch, B.</span>, <span class="refAuthor">Guy, E., Ed.</span>, <span class="refAuthor">Miller, F.</span>, and <span class="refAuthor">K. Shumard</span>, <span class="refTitle">"IAX: Inter-Asterisk eXchange Version 2"</span>, <span class="seriesInfo">RFC 5456</span>, <span class="seriesInfo">DOI 10.17487/RFC5456</span>, <time datetime="2010-02" class="refDate">February 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc5456">https://www.rfc-editor.org/info/rfc5456</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6012">[RFC6012]</dt>
        <dd>
<span class="refAuthor">Salowey, J.</span>, <span class="refAuthor">Petch, T.</span>, <span class="refAuthor">Gerhards, R.</span>, and <span class="refAuthor">H. Feng</span>, <span class="refTitle">"Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog"</span>, <span class="seriesInfo">RFC 6012</span>, <span class="seriesInfo">DOI 10.17487/RFC6012</span>, <time datetime="2010-10" class="refDate">October 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6012">https://www.rfc-editor.org/info/rfc6012</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6083">[RFC6083]</dt>
        <dd>
<span class="refAuthor">Tuexen, M.</span>, <span class="refAuthor">Seggelmann, R.</span>, and <span class="refAuthor">E. Rescorla</span>, <span class="refTitle">"Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)"</span>, <span class="seriesInfo">RFC 6083</span>, <span class="seriesInfo">DOI 10.17487/RFC6083</span>, <time datetime="2011-01" class="refDate">January 2011</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6083">https://www.rfc-editor.org/info/rfc6083</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6084">[RFC6084]</dt>
        <dd>
<span class="refAuthor">Fu, X.</span>, <span class="refAuthor">Dickmann, C.</span>, and <span class="refAuthor">J. Crowcroft</span>, <span class="refTitle">"General Internet Signaling Transport (GIST) over Stream Control Transmission Protocol (SCTP) and Datagram Transport Layer Security (DTLS)"</span>, <span class="seriesInfo">RFC 6084</span>, <span class="seriesInfo">DOI 10.17487/RFC6084</span>, <time datetime="2011-01" class="refDate">January 2011</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6084">https://www.rfc-editor.org/info/rfc6084</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6347">[RFC6347]</dt>
        <dd>
<span class="refAuthor">Rescorla, E.</span> and <span class="refAuthor">N. Modadugu</span>, <span class="refTitle">"Datagram Transport Layer Security Version 1.2"</span>, <span class="seriesInfo">RFC 6347</span>, <span class="seriesInfo">DOI 10.17487/RFC6347</span>, <time datetime="2012-01" class="refDate">January 2012</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6347">https://www.rfc-editor.org/info/rfc6347</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6460">[RFC6460]</dt>
        <dd>
<span class="refAuthor">Salter, M.</span> and <span class="refAuthor">R. Housley</span>, <span class="refTitle">"Suite B Profile for Transport Layer Security (TLS)"</span>, <span class="seriesInfo">RFC 6460</span>, <span class="seriesInfo">DOI 10.17487/RFC6460</span>, <time datetime="2012-01" class="refDate">January 2012</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6460">https://www.rfc-editor.org/info/rfc6460</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6614">[RFC6614]</dt>
        <dd>
<span class="refAuthor">Winter, S.</span>, <span class="refAuthor">McCauley, M.</span>, <span class="refAuthor">Venaas, S.</span>, and <span class="refAuthor">K. Wierenga</span>, <span class="refTitle">"Transport Layer Security (TLS) Encryption for RADIUS"</span>, <span class="seriesInfo">RFC 6614</span>, <span class="seriesInfo">DOI 10.17487/RFC6614</span>, <time datetime="2012-05" class="refDate">May 2012</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6614">https://www.rfc-editor.org/info/rfc6614</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7457">[RFC7457]</dt>
        <dd>
<span class="refAuthor">Sheffer, Y.</span>, <span class="refAuthor">Holz, R.</span>, and <span class="refAuthor">P. Saint-Andre</span>, <span class="refTitle">"Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)"</span>, <span class="seriesInfo">RFC 7457</span>, <span class="seriesInfo">DOI 10.17487/RFC7457</span>, <time datetime="2015-02" class="refDate">February 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc7457">https://www.rfc-editor.org/info/rfc7457</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8143">[RFC8143]</dt>
        <dd>
<span class="refAuthor">Elie, J.</span>, <span class="refTitle">"Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)"</span>, <span class="seriesInfo">RFC 8143</span>, <span class="seriesInfo">DOI 10.17487/RFC8143</span>, <time datetime="2017-04" class="refDate">April 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc8143">https://www.rfc-editor.org/info/rfc8143</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8261">[RFC8261]</dt>
        <dd>
<span class="refAuthor">Tuexen, M.</span>, <span class="refAuthor">Stewart, R.</span>, <span class="refAuthor">Jesup, R.</span>, and <span class="refAuthor">S. Loreto</span>, <span class="refTitle">"Datagram Transport Layer Security (DTLS) Encapsulation of SCTP Packets"</span>, <span class="seriesInfo">RFC 8261</span>, <span class="seriesInfo">DOI 10.17487/RFC8261</span>, <time datetime="2017-11" class="refDate">November 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc8261">https://www.rfc-editor.org/info/rfc8261</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8446">[RFC8446]</dt>
        <dd>
<span class="refAuthor">Rescorla, E.</span>, <span class="refTitle">"The Transport Layer Security (TLS) Protocol Version 1.3"</span>, <span class="seriesInfo">RFC 8446</span>, <span class="seriesInfo">DOI 10.17487/RFC8446</span>, <time datetime="2018-08" class="refDate">August 2018</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc8446">https://www.rfc-editor.org/info/rfc8446</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8447">[RFC8447]</dt>
      <dd>
<span class="refAuthor">Salowey, J.</span> and <span class="refAuthor">S. Turner</span>, <span class="refTitle">"IANA Registry Updates for TLS and DTLS"</span>, <span class="seriesInfo">RFC 8447</span>, <span class="seriesInfo">DOI 10.17487/RFC8447</span>, <time datetime="2018-08" class="refDate">August 2018</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc8447">https://www.rfc-editor.org/info/rfc8447</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
</section>
<section id="section-appendix.a">
      <h2 id="name-acknowledgements">
<a href="#name-acknowledgements" class="section-name selfRef">Acknowledgements</a>
      </h2>
<p id="section-appendix.a-1">Thanks to those that provided usage data and reviewed and/or improved
          this document, including: <span class="contact-name">Michael Ackermann</span>, <span class="contact-name">David Benjamin</span>, <span class="contact-name">David Black</span>, 
        <span class="contact-name">Deborah Brungard</span>, <span class="contact-name">Alan DeKok</span>, <span class="contact-name">Viktor Dukhovni</span>, <span class="contact-name">Julien Élie</span>,
        <span class="contact-name">Adrian Farrelll</span>, <span class="contact-name">Gary Gapinski</span>, <span class="contact-name">Alessandro Ghedini</span>, <span class="contact-name">Peter         Gutmann</span>, <span class="contact-name">Jeremy Harris</span>, <span class="contact-name">Nick Hilliard</span>,
 <span class="contact-name">James Hodgkinson</span>, <span class="contact-name">Russ Housley</span>, <span class="contact-name">Hubert Kario</span>, <span class="contact-name">Benjamin Kaduk</span>, <span class="contact-name">John Klensin</span>, 
          <span class="contact-name">Watson Ladd</span>, <span class="contact-name">Eliot Lear</span>, <span class="contact-name">Ted Lemon</span>,
   <span class="contact-name">John Mattsson</span>, <span class="contact-name">Keith Moore</span>, <span class="contact-name">Tom         Petch</span>, <span class="contact-name">Eric Mill</span>, <span class="contact-name">Yoav Nir</span>, <span class="contact-name">Andrei  Popov</span>, <span class="contact-name">Michael Richardson</span>, <span class="contact-name">Eric         Rescorla</span>, <span class="contact-name">Rich Salz</span>, <span class="contact-name">Mohit Sethi</span>, <span class="contact-name">Yaron Sheffer</span>, <span class="contact-name">Rob Sayre</span>,
        <span class="contact-name">Robert Sparks</span>, <span class="contact-name">Barbara Stark</span>, <span class="contact-name">Martin Thomson</span>, <span class="contact-name">Sean Turner</span>,
        <span class="contact-name">Loganaden Velvindron</span>, <span class="contact-name">Jakub Wilk</span>, and <span class="contact-name">Christopher Wood</span>.<a href="#section-appendix.a-1" class="pilcrow">¶</a></p>
</section>
<div id="authors-addresses">
<section id="section-appendix.b">
      <h2 id="name-authors-addresses">
<a href="#name-authors-addresses" class="section-name selfRef">Authors' Addresses</a>
      </h2>
<address class="vcard">
        <div dir="auto" class="left"><span class="fn nameRole">Kathleen Moriarty</span></div>
<div dir="auto" class="left"><span class="org">Center for Internet Security (CIS)</span></div>
<div dir="auto" class="left">
<span class="locality">East Greenbush</span>, <span class="region">NY</span> </div>
<div dir="auto" class="left"><span class="country-name">United States of America</span></div>
<div class="email">
<span>Email:</span>
<a href="mailto:Kathleen.Moriarty.ietf@gmail.com" class="email">Kathleen.Moriarty.ietf@gmail.com</a>
</div>
</address>
<address class="vcard">
        <div dir="auto" class="left"><span class="fn nameRole">Stephen Farrell</span></div>
<div dir="auto" class="left"><span class="org">Trinity College Dublin</span></div>
<div dir="auto" class="left"><span class="locality">Dublin</span></div>
<div dir="auto" class="left"><span class="postal-code">2</span></div>
<div dir="auto" class="left"><span class="country-name">Ireland</span></div>
<div class="tel">
<span>Phone:</span>
<a href="tel:+353-1-896-2354" class="tel">+353-1-896-2354</a>
</div>
<div class="email">
<span>Email:</span>
<a href="mailto:stephen.farrell@cs.tcd.ie" class="email">stephen.farrell@cs.tcd.ie</a>
</div>
</address>
</section>
</div>
<script>const toc = document.getElementById("toc");
toc.querySelector("h2").addEventListener("click", e => {
  toc.classList.toggle("active");
});
toc.querySelector("nav").addEventListener("click", e => {
  toc.classList.remove("active");
});
</script>
</body>
</html>
